A wide-scale cyberattack took place last month at a Colonial Pipeline facility in Alabama. The attack halted the company's systems, which were responsible for providing 45% of the fuel supply for the entire East Coast. Eventually, a ransom of $5 million in Bitcoin had to be paid to the hackers, of which only $2.3 million was recovered by authorities. The attack was later confirmed to have been carried out by the notorious hacker group Darkside.
External threat intelligence company Intsights confirmed in a report that this was not the first attack of this nature carried out by Darkside, nor was Darkside the only group targeting companies like Colonial Pipeline.
The report went on to state that even more damaging attacks had occurred in the past. In one such incident, a US natural gas facility was attacked and a compressor station was affected, which forced the facility to shut down for days.
Darkside operations
In February 2021, Intsights analysts found data in underground criminal communities showing that Darkside had hacked into a Brazilian electricity utility less than three months before its attack on Colonial Pipeline.
Darkside offers to purchase over 1TB of data, complete with user credentials, network details, and information such as the phone numbers and email addresses of customers and employees alike. They also offer to purchase tax accounts, sensitive company material, and healthcare information. In one of their attacks, in December 2020, Darkside affiliates compromised a US-based oilfield services contractor and stole the company's data.
Multiple attacks
According to data gathered by Intsights, from May 2020 until May 2021 more than 20 energy companies faced cyberattacks, with half of those companies operating in the United States. A few examples of such attacks are:
- Asarco, an Arizona mining, smelting, and refining company, was attacked in May 2021; as a result, its employees' identity documents were released online for the world to see. The Russia-linked group REvil (also known as Sodinokibi) is thought to be responsible.
- Royal Dutch Shell was attacked and had copies of business contracts and employee identity documents stolen from its records. The Russian-speaking gang CL0p was deemed responsible for the attack. Ukrainian authorities even arrested several members of CL0p last week and recovered over a million dollars.
Once they have this information, cybercriminals trade or sell it on closed forums for anywhere between $700 and $24,000.
Criminal gold rush
Ransomware attacks have steadily grown into one of the most popular forms of cyberattack due to a multitude of factors. The most important among them are:
- The COVID-19 pandemic, which forced billions of people worldwide to shift to working online, often over unsecured networks.
- The success of the double extortion tactics used by other cybercriminals, in which hackers not only gain access to security systems but also steal sensitive information that they can later exploit.
Ransomware attacks deprive businesses and individuals of the ability to operate their systems; they regain access only after paying the attackers, who then hand over a digital key that lets the victims back into their networks.