When Colonial Pipeline Co. met the dark side
How a hacker group shut down a major US pipeline and extorted nearly $5 million!
Most of us have heard that oil sourced from our planet will eventually run out, and we should look for more sustainable alternatives. But for a portion of the United States, the oil did run out – for a little while at least!
It wasn’t really that the oil, in the forms of petrol, diesel and jet fuel, was gone, but rather that it couldn’t be transported.
Why? Because a ransomware attack targeted and halted operations of the Colonial Pipeline, which carries 45% of the US East Coast’s fuel supply from Houston, Texas up to Linden, New Jersey.
But how was this ransomware attack able to affect such a vital pipeline, and what were the after-effects?
Keep reading to uncover the specifics of this fascinating real-world attack!
What happened?
The Colonial Pipeline ransomware attack took place on May 7th, 2021 and was first discovered when an employee found a ransom note on a control-room computer.
The ransomware attack shut down all of the company’s IT infrastructure, with Colonial Pipeline claiming that they took certain systems offline to contain the threat.
That same day, the CEO of Colonial Pipeline Co. made the difficult decision to pay the nearly $5 million ransom, made in the form of Bitcoin. Fortunately, US law-enforcement officials were later able to take back $2.4 million of the ransom paid to DarkSide.
After paying the ransom, the company received a decryption tool to unlock the systems penetrated by the cyber criminals. However, the decryption tool proved ineffective at properly getting the pipeline’s systems back up and running.
Consequently, the pipeline shut down for six days. This led to thousands of gas stations without fuel and increased oil prices to their highest levels in over six years!
It’s a scary thought that such a nationally, if not globally significant piece of infrastructure could be so unprepared in the face of a ransomware attack!
How did the Colonial Pipeline attack happen?
Ransomware is a type of code that holds computers hostage while demanding a ransom (payment) from the target to return the affected system to normal.
An Eastern European hacker group known as DarkSide was blamed for the ransomware attack on Colonial Pipeline.
DarkSide shut down Colonial Pipeline’s system by exfiltrating around 100 gigabytes of data which gave them leverage.
Even though the pipelines themselves weren’t affected, the fuel flows were stopped as the customer billing system was taken offline by the attack.
Ransomware is a type of code that holds computers hostage while demanding a ransom (payment) from the target to return the affected system to normal.
What would be the role of a cyber security professional in this incident?
The Colonial Pipeline ransomware attack could have been avoided with the help of a Penetration Tester, or Pen Tester for short.
A Pen Tester uses offensive techniques, following approval, in an attempt to breach computer systems. In doing so, the Pen Tester can uncover security weaknesses which are drawn up into a report for review. Exposing a vulnerability before a cyber criminal does means it can be resolved before the criminal has time to discover and exploit it.
If you were a Pen Tester working for the Colonial Pipeline, you’d have been thinking like a cyber criminal to identify all the ways to achieve a breach. You’d think ahead to potential cyber attacks, test these attacks on the computer systems and find ways to prevent them.
Want to find out if you would suit a Pen Tester role? Check out our Skill Tree blog to discover which personality traits and skills will help you land this role!
A Pen Tester uses offensive techniques, following approval, in an attempt to breach computer systems.
Want to fight back against cyber attacks like these? Try out fun cyber defence techniques with CyberStart Game - the most accessible route into cyber security!
