Data Breach Reported By Colonial Pipeline After Ransomware Attack

Colonial Pipeline, the largest pipeline in the United States, fell prey to a ransomware attack in May. DarkSide ransomware attackers collected and exfiltrated data from the company network. This data contained the personal information of 5810 people. The information included names, contact info, health details, and ID.

“…The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID, and driver’s license numbers), and health-related information (including health insurance information),…” as stated by Colonial Pipeline in the data breach notification letters sent out to the affected individuals.

Not all of the aforementioned information was taken for every individual; for each person, only some of the listed items were affected.

Colonial Pipeline Shuts Down

Colonial Pipeline's networks were hit on May 6, 2021. The company, which supplies about half of the fuel consumed on the US East Coast, could not continue to operate. DarkSide operators stole approximately 100GB of data from the company’s networks.

The company realized that its networks were breached on May 7. Shortly after, it took its systems offline to contain the threat.

This shutdown caused the Department of Transportation’s Federal Motor Carrier Safety Administration (FMCSA) to declare a state of emergency. The District of Columbia and 17 states were in a state of emergency.

Due to such high levels of exposure, the DarkSide group ended its operation very suddenly. The group did not want attention from the US government along with media exposure. The operations were stopped only after cryptocurrency worth $4.4M was paid for a decryptor. The FBI successfully recovered a majority of it.

The Emergence Of BlackMatter

Within two months, a new ransomware operation called BlackMatter emerged. Its operators purchased network access from other attackers to launch attacks against corporate targets. Their ransom demands are between $3M and $4M.

Emsisoft CTO Fabian Wosar, who is also a ransomware expert, has discovered that BlackMatter has been using an algorithm used exclusively by DarkSide. The algorithm in question is the Salsa20 encryption algorithm.

Conclusion

It can therefore be concluded that DarkSide has now been rebranded as BlackMatter. The group is actively attacking companies. It has also said that it will no longer target the oil and gasoline industry, so as not to draw as much attention.

By IEMA IEMLabs
