Last week, the FBI confirmed that a ransomware attack organized by a cybercrime group called DarkSide forced the Colonial Pipeline into a voluntary shut down. During the six-day outage, panic buying caused a gas shortage across more than a dozen states in the southeast.
Pipeline Colonial is the most extensive pipeline system for refined oil products in the USA. The stoppage of the pipeline that delivers approximately half of the fuel across the southeast caused nearly 9 out of 10 gas stations in Washington, D.C., to be out of gas. The fuel was not only unavailable but also caused gas stations to increase prices dramatically. The cost nearly tripled in states such as Virginia, where pumping gas for $7 a gallon was a typical sight. And again, this was only available to drivers who were “lucky enough” to find a gas station that still had any fuel left. Some gas stations tried to battle panic buying by limiting the amount of gas purchased per customer.
After days of negotiations, anonymous sources, quoted by CNBC, said that Colonial Pipeline even paid approximately $5 million ransom to the hackers, even though government agencies strongly advised them not to pay the ransom as such actions encourage the hackers to keep extorting other companies.
How did a bunch of eastern European hackers pull out the worst cyber-attack to date on U.S. critical infrastructure and almost paralyze the capital of the free world?
The answer is easy – DarkSide used a backdoor to access the servers of Colonial Pipeline and infected the company’s servers with ransomware. Colonial Pipeline did not have another option but to voluntarily shut a big chunk of its operations to prevent the malicious software from spreading.
The oil giant is not the only victim of the group. This year, the cybercriminals successfully attacked CompuCom and managed to extort the I.T. company with more than $20 million. However, it is tough to estimate how much money has DarkSide made since they began operating. Unfortunately, such crimes often do not even make it to the public, as the companies affected simply pay the ransom and get back to business.
Who is DarkSide?
The hacker group responsible for the sophisticated cyber-attack is a relatively new hacker organization that many say originates in Russia. The cybercriminals appear to be very much money-driven, and there is no substantial evidence that they are a state-sponsored group. They simply made their way into the Colonial Pipeline servers and managed to encrypt a significant portion of the company’s files.
Cybersecurity experts are confident that the group did not plan on creating so much noise around the incident and very likely did not expect that their actions would cause gas shortages throughout the free world. After the attack, the hackers posted that they are apolitical and do not participate in geopolitics, and their goal is to make money and not create problems for society. They’ve previously tried to build a Robin Hood type of image by saying they would never attack healthcare facilities, schools, universities, non-profit organizations, or the government sector.
On Friday, DarkSide released a statement saying that they are officially shutting down. However, experts believe that the organization will eventually resurface under a different name.
Cyber incidents such as the attack on Colonial Pipeline show how quickly a hacker attack can interrupt everyday life. It also shows the power of social media – when the news about the cyber incident broke, everyone living in the affected states rushed to the gas stations buying all the fuel out there, which effectively caused a shortage and price gouging. The social media phenomenon even affected the people on the other side of the continent as news agencies reported mass-fuel buying in states such as California.