- The largest fuel pipeline in the US was hit by a ransomware cyber-attack.
- The gang behind the attack is DarkSide, which also shared what information it took.
- DarkSide leaks its rules and ethics on whom to attack and whom not to.
Largest fuel pipeline hit by Ransomware Cyber-Attack:
The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.
The Colonial Pipeline carries 2.5 million barrels a day – 45% of the East Coast’s supply of diesel, petrol, and jet fuel.
The operator took itself offline on Friday after the cyber-attack and work to restore service is continuing.
The US government has relaxed rules on the fuel being transported by road.
It means drivers in 18 states can work extra or more flexible hours when transporting refined petroleum products.
Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial’s network and locked the data on some computers and servers, demanding a ransom on Friday.
The gang tried to take almost 100 gigabytes of data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.
What is DarkSide? Their leak images from the dark web:
DarkSide is a group active on the dark web that runs its attacks on organizations and companies as a business.
They have developed software that steals a company's data and encrypts it, after which a message pops up on the screen asking for a ransom.
DarkSide also shows victims proof of the data it has stolen and offers them a discount of up to 50% if they pay the ransom it asked for.
They have also published rules for their attacks, sharing a list of the sectors they will not attack.
In this list they said they will not attack the following targets:
- Medicine firms (those providing vaccines for Covid, and medical staff, nurses, or companies related to them)
- Funeral Services.
- Education (Schools and Universities).
- Non-profit Organizations.
- Government Sectors.
They also said, “We only attack companies that can pay the requested amount, we do not want to kill your business. Before any attack we carefully analyze your accountancy and determine how much you can pay based on your net income, you can ask all your questions in the chat before paying and our support will answer them”.
They also said that victims can get help from the gang's support team with paying the ransom. They guarantee victims that their data is safe, that they will share the decryption test file once the ransom is paid, and that they will provide support for decrypting the data.
The gang lists all the types of data it has stolen, and sends victims the URL of a “personal leak page” where the data is already loaded, waiting to be automatically published, should the company or organization not pay before the deadline is up.
How did the attack occur?
Digital Shadows said the Colonial attack was helped by the coronavirus pandemic, with more engineers remotely accessing control systems for the pipeline from home.