On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline.[4][5][6] The Colonial Pipeline Company halted all pipeline operations to contain the attack.[7][8][9][10] Overseen by the FBI, the company paid the amount demanded by the hacker group (75 bitcoin or $4.4 million USD) within several hours;[11][12] upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool required a very long processing time to restore the system to a working state.[12]
The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open on May 9.[13] It was the largest cyberattack on an oil infrastructure target in the history of the United States.[2] The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.[14] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[1]
On June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins (about 84% of the original payment) from the ransom payment,[15] but due to a crash in the value of Bitcoin in late May,[16] the recovered bitcoins were worth only around $2.3 million USD,[15] roughly half of their original value.
This was one of the first high-profile corporate cyberattacks that started from a breached employee's personal password, likely found on the dark web, rather than from a direct attack on the company's systems.[17]
[1] Robertson, Jordan; Turton, William (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News. Archived from the original on May 9, 2021. Retrieved May 9, 2021.
[2] Gonzalez, Gloria; Lefebvre, Ben; Geller, Eric (May 8, 2021). "'Jugular' of the U.S. fuel pipeline system shuts down after cyberattack". Politico. Archived from the original on May 9, 2021. Retrieved May 9, 2021. The infiltration of a major fuel pipeline is "the most significant, successful attack on energy infrastructure we know of."
[3] Helmore, Edward (May 10, 2021). "FBI confirms DarkSide hacking group behind US pipeline shutdown". The Guardian. Archived from the original on May 12, 2021. Retrieved May 10, 2021.
[4] Bing, Christopher; Kelly, Stephanie (May 8, 2021). "Cyber attack shuts down top U.S. fuel pipeline network". Reuters. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[5] Segers, Grace (May 8, 2021). "Cyberattack prompts major pipeline operator to halt operations". CBS News. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[6] Peñaloza, Marisa (May 8, 2021). "Cybersecurity Attack Shuts Down A Top U.S. Gasoline Pipeline". NPR. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[7] Sanger, David; Krauss, Clifford; Perlroth, Nicole (May 8, 2021). "Cyberattack Forces a Shutdown of a Top U.S. Pipeline". New York Times. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[8] Eaton, Collin; Volz, Dustin (May 8, 2021). "U.S. Pipeline Cyberattack Forces Closure". Wall Street Journal. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[9] Stracqualursi, Veronica; Saenz, Arlette; Sands, Geneva (May 8, 2021). "Cyberattack forces major US fuel pipeline to shut down". CNN. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[10] Romero, Dennis (May 8, 2021). "Colonial Pipeline blames ransomware for pipeline shutdown". NBC News. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
[11] Marquardt, Alex; Perez, Evan; Cohen, Zachary (June 7, 2021). "First on CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers | CNN Politics". CNN. Retrieved July 16, 2023.
[12] Turton, William; Riley, Michael; Jacobs, Jennifer (May 12, 2021). "Colonial Pipeline Paid Hackers nearly $5 Million in Ransom". Bloomberg.
[13] Falconer, Rebecca (May 10, 2021). "Emergency declaration issued in 17 states and D.C. over fuel pipeline cyberattack". Axios. Retrieved May 10, 2021.
[14] Javers, Eamon (May 10, 2021). "Here's the hacking group responsible for the Colonial Pipeline shutdown". CNBC. Archived from the original on May 10, 2021. Retrieved May 11, 2021.
[15] Mallin, Alexander; Barr, Luke (June 8, 2021). "DOJ seizes millions in ransom paid by Colonial Pipeline". ABC News. Retrieved July 16, 2023.
[16] Morrow, Allison (May 22, 2021). "A crypto crash wiped out $1 trillion this week. Here's what happened | CNN Business". CNN. Retrieved November 29, 2023.
[17] Turton, William; Mehrotra, Kartikay (June 4, 2021). "Hackers Breached Colonial Pipeline Using Compromised Password". Bloomberg.com. Retrieved August 25, 2022.