A ransomware attack on Colonial Pipeline's networks prompted the United States to declare a state of emergency in 17 states.
The news comes as the US Federal Bureau of Investigation (FBI) has confirmed that a ransomware attack is responsible for shutting down one of the country's largest pipelines over the weekend. The attack forced the Colonial Pipeline company to close the 8,800-kilometer fuel pipeline that starts in the city of Houston, Texas and ends in the port of New York. Naturally, there was panic, but also concern about the vulnerability of US energy infrastructure to cyber attacks.
The states and jurisdictions affected are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.
The issue is serious, as these states are likely to run out of fossil fuels of all kinds, causing problems in aviation, vehicle traffic, etc. Attempts are being made to cover market supply with tankers.
Colonial Pipeline continues to work with cybersecurity, law enforcement, and other federal agencies to restore pipeline operations quickly and safely. The U.S. government said Monday that there was no evidence that Russia was involved in the ransomware attack.
The extortionists, for their part, are a group called DarkSide, whose leaders left a message saying: "We are apolitical, we do not participate in geopolitics, you do not need to associate us with a specific government and look for other motives. Our goal is to make money and not create problems in society."
DarkSide is a relatively new player in the ransomware game. However, it already has a reputation in analyst circles as a professional and organized team. The team has a telephone number and a help desk to facilitate negotiations with its victims. It also seems to put a lot of effort into gathering information about its victims: not just technical information about their environment, but general information about the company itself, such as the size and estimated revenue of the organization.
DarkSide issues corporate-style press releases on Tor, with the aim of showcasing professionalism in its criminal activities.
The Colonial Pipeline incident is the latest cyber attack on the US government in recent months, following the SolarWinds breaches, probably by Russian agents, and the exploitation of Microsoft Exchange Server vulnerabilities by the Chinese.