Colonial pipeline location in Woodbine, Maryland
Photo: JIM LO SCALZO / EPA
A hacker attack has not only forced the US company Colonial Pipeline to shut down one of the largest oil pipelines in the USA.
The attackers are also said to have previously obtained almost 100 gigabytes of internal data from the company.
This is reported by the news portal »Bloomberg«, citing »people who are familiar with the matter«.
For Colonial Pipeline, this could mean double extortion.
The company had already admitted in a statement on Saturday that it had been attacked with ransomware, i.e. an extortion Trojan.
This type of malware usually encrypts files, drives and also backup copies.
The perpetrators then demand a ransom for the decryption key.
According to the »Wall Street Journal«, only IT systems are affected, not OT - operational technology, to which industrial control systems belong.
The pipeline operator was nevertheless forced to “take certain systems offline in order to contain the threat”.
Increasingly, however, ransomware groups also threaten to publish their victims' internal data and demand money for not doing so.
The logic behind it: depending on the data and the type of company involved, the publication of e-mails, internal business information or intellectual property, for example, could damage the business.
While files and systems encrypted with ransomware can at best be restored from backup copies stored offline, there is no way to prevent the perpetrators from posting the data online and advertising the leak on hacker forums or social media.
2.5 million barrels of fuel per day
Colonial Pipeline says it has engaged »a leading IT security company«.
It is said to be FireEye, but there is no official confirmation yet.
According to the Reuters news agency, investigators are checking whether the criminal group DarkSide is responsible for the hack.
DarkSide has been active since August 2020 and has used double extortion right from the start.
The members are suspected to be in Russian-speaking countries.
One indication of this is that the ransomware used checks whether the infected system is located within the Commonwealth of Independent States and does not execute in that case.
Colonial Pipeline transports 2.5 million barrels of fuel per day from refineries on the Gulf Coast to eastern and southern states through its 8,850 kilometers of pipeline.
Around 45 percent of the US east coast's fuel supply flows through these pipelines.
In addition to the US military, customers also include several airports, including the one in Atlanta.