Ransomware Attack on Colonial Pipeline Leads to Gas Crisis in the American Southeast

Ransomware attacks are nothing new, but when was the last time one made headlines by triggering a gas crisis? A Russia-backed hacking collective called DarkSide hit Colonial Pipeline, a company responsible for almost 45 percent of the fuel supply of the Southeastern United States, with a devastating ransomware attack. The attack drove a spike in fuel prices and spotty availability, exposed cracks in the nation’s energy infrastructure, and has even sparked renewed interest in cybersecurity.

First, the Facts

The ransomware attack was launched on Friday, May 7th, 2021, forcing Colonial Pipeline to shut down operations to halt the spread and keep the attack from affecting the flow of fuel. Gas prices shot up by about six cents per gallon in a week. The pipeline runs from Texas to New York and transports an estimated 2.5 million barrels of fuel every day. The shutdown created fuel shortages and, much like the great toilet paper crisis of 2020, set off panic buying across the southern United States. According to the company’s administrators, the ransomware that prompted the precautionary shutdown did not reach the core system controls, but the incident could still disrupt the supply chain in the short term.

Who is DarkSide?

Despite being a newcomer to the scene, DarkSide is incredibly ambitious. The group describes itself as an apolitical hacking group whose goal is to profit from others’ misfortune. Here is the statement it issued after the FBI opened a full-blown investigation into the group:

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

It appears that DarkSide is a professionally run organization that deals specifically in ransomware. Its business model is known as Ransomware-as-a-Service: the group develops the ransomware and sells access to it to others looking to carry out attacks like the one on Colonial Pipeline. Of particular note is its “double extortion” method, in which the group first steals data and then encrypts it, threatening to publish the stolen data if its demands are not met. Ransoms are typically paid in cryptocurrency and can run as high as six or seven figures.

DarkSide appears to have its own code of ethics that keeps it from targeting organizations such as hospitals, schools, non-profits, and government agencies. That said, these are certainly no Robin Hood figures; their antics have created a considerable mess for millions of Americans.

Issues with Infrastructure Security

Cybersecurity professionals have been warning about the dangers of aging infrastructure since long before the COVID-19 pandemic. A 2015 cyberattack on a power grid in Ukraine left 250,000 people without electricity, and, just as now, it got people talking about how the security of these systems could be improved. Some improvements were made then, but not nearly enough, and with the push for renewable energy and other more efficient deployment strategies, even more technology is involved in these processes than before. All of these smart systems, combined with a notable lack of security, create a cybersecurity powder keg just waiting to go up in flames.

Of course, the pandemic has not made any of this easier to handle. Systems that are overdue for an update now need to be connected to both public and private networks for remote access, and with so much additional functionality being added, the number of possible vulnerabilities multiplies. All it takes is one overlooked vulnerability for attackers to gain control of systems and affect the lives of countless people. A gas shortage caused by hackers is concerning enough; imagine what could happen if power grids or other public systems failed in the face of a cyberattack.

Perhaps the most concerning part of this whole dilemma is that no system is immune to these issues. This is hardly the first major cyberattack of the past year; in fact, it’s the fourth, according to CISA. The Colonial Pipeline hack was preceded by the SolarWinds breach, which allowed Russian intelligence to break into thousands of corporate and government servers; an incident in which Chinese nationals rented servers within the United States to infiltrate countless Microsoft Exchange servers; and, finally, a still-unidentified attacker who used a tool called Codecov to install spyware on thousands of systems.

If big names like Microsoft and SolarWinds can fall victim to these attacks, then these threats need to be taken seriously. It doesn’t matter whether you are a large enterprise or a small business; you are at risk the same as any other organization.

Worrying about cybersecurity all the time is exhausting, so why not leave it to the professionals so you can focus on what truly matters? If you want to ensure your business is taking all necessary precautions, reach out to Lantek at (610) 683-6883.

May 26, 2021
Shawn Kramer