Details of the industry-hobbling Colonial Pipeline cyberattack are starting to emerge. Reuters and Bloomberg say the hack was likely the work of a cybercriminal group, and that the ransomware gang DarkSide appears to be the primary suspect. Bloomberg claims DarkSide stole almost 100GB of data in two hours on May 6th as part of a “double-extortion scheme,” in which the intruders threatened both to leak company data and to lock Colonial out of its own systems.
It’s not certain if Colonial agreed to pay a ransom. The oil and gas giant reportedly asked FireEye’s Mandiant forensics team to help investigate the breach.
Whoever was responsible, the attack was serious enough to draw in the US government. Officials were scrambling to help Colonial restore its fuel supply business, while Reuters understood that a government investigation was in the “early stages.” President Biden received a briefing on May 8th.
If DarkSide or a similar group is involved, this would represent one of the most impactful ransomware campaigns to date. Hackers have targeted city governments and other key infrastructure before, but Colonial’s reach could lead to extensive problems if it can’t recover quickly. The company provides nearly half of the East Coast’s fuel supply, including at airports. A lengthy shutdown could restrict travel across the US and have a knock-on effect for the American economy at large.