In May 2021, Colonial Pipeline, the largest fuel pipeline in the United States, fell prey to a ransomware attack. The DarkSide ransomware operators collected and exfiltrated data from the company network. This data contained the personal information of 5,810 people, including names, contact information, health details, and ID details.
“…The affected records contained certain personal information, such as name, contact information, date of birth, government-issued ID (such as Social Security, military ID, tax ID, and driver’s license numbers), and health-related information (including health insurance information),…” as Colonial Pipeline stated in the data breach notification letters sent out to the affected individuals.
Not every individual had all of the information listed above exposed; for each person, only some of the listed items were affected.
Colonial Pipeline Shuts Down
The networks of Colonial Pipeline were hit on May 6, 2021. Because the pipeline supplies about half of the fuel consumed on the US East Coast, the company could not continue to operate. DarkSide operators stole approximately 100 GB of data from the company’s networks.
The company realized its networks had been breached on May 7, and shortly afterwards it took the affected systems offline to contain the threat.
The shutdown led the Department of Transportation’s Federal Motor Carrier Safety Administration (FMCSA) to declare a state of emergency; the District of Columbia and 17 other states were covered by it.
Because of this high level of exposure, the DarkSide group shut down its operation abruptly; the group did not want attention from the US government or the media. Operations stopped only after cryptocurrency worth $4.4M had been paid for a decryptor, the majority of which the FBI later recovered.
The Emergence of BlackMatter
Within two months, a new ransomware operation, BlackMatter, emerged. It purchases network access from other attackers to launch attacks against corporate targets, and its ransom demands range between $3M and $4M.
Emsisoft CTO and ransomware expert Fabian Wosar discovered that BlackMatter uses an encryption algorithm previously used exclusively by DarkSide: Salsa20.
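Wosar's analysis linked the two families by the cipher they embed. As an added illustration (not the article's or Emsisoft's code, and not Wosar's method, which the article does not describe), the following Python shows one first-pass check an analyst can run over a suspect binary: Salsa20 initialises its state with fixed constants (Bernstein's "sigma" for 256-bit keys and "tau" for 128-bit keys), so finding them in a file is a strong hint about which cipher family a sample carries. The sample blobs are constructed here. Caveat for practitioners: these constants identify the cipher, which is public and used by many legitimate programs, not the actor; linking two families as the same operation rests on implementation details well beyond this check.

```python
"""Heuristic scan for the Salsa20 state constants in a binary blob.

Added illustration only: a first-pass cipher fingerprint, not attribution.
"""
import re
from dataclasses import dataclass, field

# Salsa20 (and ChaCha) load these 16-byte constants into the cipher state.
SALSA20_SIGMA = b"expand 32-byte k"   # 256-bit key variant
SALSA20_TAU = b"expand 16-byte k"     # 128-bit key variant


@dataclass
class ConstantHits:
    contiguous: dict = field(default_factory=dict)  # name -> [offsets]
    scattered: dict = field(default_factory=dict)   # name -> offset of first word

    def salsa20_likely(self) -> bool:
        return bool(self.contiguous) or bool(self.scattered)


def scan_for_salsa20_constants(blob: bytes, window: int = 256) -> ConstantHits:
    """Report where the sigma/tau constants occur in `blob`.

    Constants may be stored as one 16-byte string, or the compiler may emit
    the four 32-bit words as separate immediates. For the scattered case we
    require all four words within `window` bytes to limit false positives.
    """
    hits = ConstantHits()
    for name, const in (("sigma", SALSA20_SIGMA), ("tau", SALSA20_TAU)):
        offs = [m.start() for m in re.finditer(re.escape(const), blob)]
        if offs:
            hits.contiguous[name] = offs
            continue
        words = [const[i:i + 4] for i in range(0, 16, 4)]
        first = blob.find(words[0])
        while first >= 0:
            region = blob[first:first + window]
            if all(w in region for w in words[1:]):
                hits.scattered[name] = first
                break
            first = blob.find(words[0], first + 1)
    return hits


# Constructed sample inputs (not real malware):
CLEAN_SAMPLE = bytes(range(256)) * 4                    # filler, no constant
SALSA_SAMPLE = b"\x90" * 100 + SALSA20_SIGMA + b"\xcc" * 50  # sigma at offset 100
SCATTERED_SAMPLE = (                                     # sigma as four words
    b"\x00" * 10 + b"expa" + b"\x41" * 20 + b"nd 3"
    + b"\x42" * 20 + b"2-by" + b"\x43" * 20 + b"te k" + b"\x00" * 10
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("embedded", SALSA_SAMPLE),
                          ("scattered", SCATTERED_SAMPLE)):
        result = scan_for_salsa20_constants(sample)
        print(f"{label:10s} likely={result.salsa20_likely()} "
              f"contiguous={result.contiguous} scattered={result.scattered}")
```

A hit here should be treated as "this sample embeds a Salsa20-family cipher", nothing more; the same constants appear in ChaCha and in countless benign binaries, so the check narrows the question rather than answering it.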
It can therefore be concluded that DarkSide has been rebranded as BlackMatter, and the group is actively attacking corporate companies. The group has also said it will no longer target the oil and gasoline industry, so as not to attract as much attention.