Colonial Pipeline Cyberattack & Defense 🚨

Case study on ransomware attack via stolen credentials, highlighting cybersecurity breaches and defense strategies.

CISO Online
183 views • Jul 18, 2023

About this video

Defending Against DarkSide: Unveiling the Colonial Pipeline Cyberattack

TYPE OF ATTACK: Ransomware
CAUSE: Compromised login credentials
IMPACT: 100 gigabytes of data stolen; pipeline operations shut down

In May 2021, Colonial Pipeline fell victim to a cyberattack by DarkSide, a Ransomware-as-a-Service (RaaS) group. The attackers first reached the company's IT network on April 29, 2021 through a legacy VPN account that was no longer in active use and was not protected by multi-factor authentication; its password, reused by a Colonial Pipeline employee, had turned up in a batch of leaked credentials. Within about two hours of gaining access the attackers stole roughly 100 gigabytes of data, and on May 7 they deployed ransomware across the IT network. Colonial Pipeline halted pipeline operations to keep the malware from spreading further, which disrupted fuel shipments along the entire Eastern Seaboard of the United States.

The attack triggered panic-buying and long lines at gas stations, leading to fuel shortages in some areas and a spike in gas prices. Colonial Pipeline paid DarkSide a ransom of 75 bitcoin (approximately $4.4 million at the time) in exchange for a decryption tool. DarkSide, which leased its malware to affiliates on a subscription basis, encrypted files with Salsa20 and protected the file keys with RSA-1024, and ran a Base64-encoded PowerShell command to delete volume shadow copies so that victims could not restore files from local snapshots. Secureworks tracks the group as Gold Waterfall, and it is believed to have ties to the Russian-speaking REvil ransomware RaaS operation.
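The shadow-copy deletion step is the part of the DarkSide playbook a defender can most reliably hunt for in process-creation telemetry, because powershell.exe's -EncodedCommand argument is just Base64 of a UTF-16LE string and can be decoded by the detection pipeline. The following Python is an added example, not code from the original page or from DarkSide: it decodes any encoded PowerShell argument found in a command line and flags WMI, vssadmin or wmic shadow-copy deletion. The log lines in SAMPLE_LOG are constructed for this example, and the function and constant names are my own.

```python
"""
Detect PowerShell volume-shadow-copy deletion hidden behind -EncodedCommand.

Added example (not part of the original page or of DarkSide's tooling).
Sample log lines below are constructed, not real telemetry.
"""
import base64
import re
from typing import List, Optional, Tuple

# Command fragments that delete Volume Shadow Copies, a common ransomware
# step to defeat local file recovery. Matched case-insensitively against the
# decoded (or plain) command text.
SHADOW_COPY_DELETION = [
    re.compile(r"win32_shadowcopy.*\.delete\(", re.IGNORECASE | re.DOTALL),
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand
# (-e, -ec, -enc, ... -EncodedCommand). Capture the Base64 argument after it.
ENCODED_ARG = re.compile(
    r"(?:^|\s)[-/](?:e|ec|en|enc|enco|encod|encode|encoded|encodedc|encodedco|"
    r"encodedcom|encodedcomm|encodedcomma|encodedcomman|encodedcommand)\s+"
    r"([A-Za-z0-9+/=]+)",
    re.IGNORECASE,
)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if cmdline carries a valid -EncodedCommand
    argument, otherwise None. PowerShell expects Base64 over UTF-16LE."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Not really Base64/UTF-16LE (e.g. "-e bypass"); treat as not encoded.
        return None


def is_shadow_copy_deletion(script: str) -> bool:
    """True if the command text deletes shadow copies by any known method."""
    return any(p.search(script) for p in SHADOW_COPY_DELETION)


def scan_process_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (original_line, inspected_text) for every line that deletes
    shadow copies, whether the command was encoded or in the clear."""
    hits = []
    for line in lines:
        decoded = decode_encoded_command(line)
        candidate = decoded if decoded is not None else line
        if is_shadow_copy_deletion(candidate):
            hits.append((line, candidate))
    return hits


def encode_for_powershell(script: str) -> str:
    """Build a constructed sample the way an attacker would: Base64(UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation lines (not real telemetry). The encoded
# entry wraps the WMI one-liner widely reported for DarkSide-style deletion.
SAMPLE_LOG = [
    "powershell.exe -NoProfile -Command Get-Process",
    "powershell.exe -ep bypass -enc "
    + encode_for_powershell("Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"),
    "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    "powershell.exe -enc " + encode_for_powershell("Write-Host 'hello'"),
    "powershell.exe -enc not*valid*base64",
]

if __name__ == "__main__":
    for line, text in scan_process_log(SAMPLE_LOG):
        print("ALERT shadow-copy deletion:", text)
```

Decoding the argument before matching is the point: a rule that only greps the raw command line for `vssadmin` or `Win32_Shadowcopy` misses the encoded form entirely. The prefix list mirrors how powershell.exe resolves abbreviated switches, so `-e`, `-ec` and `-enc` are all caught, while a non-Base64 argument such as `-ep bypass` is ignored rather than raising.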

Bitdefender had released a free decryptor for DarkSide in January 2021, but the group stated that it had since fixed the flaw the tool relied on, and Bitdefender confirmed that the decryptor did not work against the latest DarkSide version. Beyond its ransom demands, DarkSide also offered stolen data to a victim's competitors or to investors before publishing it.

The incident was the largest publicly known cyberattack on oil infrastructure in United States history. In response, President Biden signed Executive Order 14028, "Improving the Nation's Cybersecurity", on May 12, 2021, directing federal agencies to adopt multi-factor authentication, encryption of data at rest and in transit, a zero-trust architecture, and stronger endpoint detection and response and incident response practices.

In June 2021, the Department of Justice announced that it had recovered 63.7 bitcoin (approximately $2.3 million at the time) of the ransom paid to the attackers.

Video Information

Views: 183
Likes: 1
Duration: 6:16
Published: Jul 18, 2023
