From hospitals,????? ???? ???????? ???????? ?? ????? ????? to ports, to kindergartens, to even golfers, ransomware operators have never exactly discriminated when it came to their potential victims. And as of Friday, they can officially notch a new one in their criminal belt: U.S. fuel pipelines.
According to a statement from Colonial Pipeline, which operates "the largest refined products pipeline in the United States," the company discovered Friday that its IT systems were affected by ransomware. In response, it proactively took its entire pipeline offline.
And to be clear, it's a lot of pipeline — running over 5,500 miles from New Jersey to Texas.
You May Also Like
Ransomware typically works by encrypting a victim's computer, and then demanding some form of payment — usually cryptocurrency — in exchange for the digital keys to restore the files. Sometimes the hackers responsible for ransomware actually do turn over decryption keys, but not always.
There's an ongoing debate about whether or not to pay attackers, with most officials and experts coming down on the side of never paying.
The company serves customers across the East Coast. Credit: colonial pipeline "Paying a ransom is often expensive, dangerous, and only refuels the attackers' capacity to continue their operations; bottom line, this equates to a proverbial pat on the back for the attackers," warned Microsoft's security team in 2019.
At the same time, victims, who may feel they have no other option, frequently do cough up the cryptocurrency.
While perhaps the most notable ransomware of the past few years, WannaCry, was blamed on North Korea, the Washington Postreports that unnamed officials believe an Eastern European-based criminal group by the name of DarkSide is responsible for the pipeline attack. It's not clear what form of payment, if any, the group behind the attack which crippled Colonial Pipeline's systems have demanded.
SEE ALSO: Teen ransomware 'K!NG' blew his loot on drugs, gambling, and sex
"Colonial Pipeline is taking steps to understand and resolve this issue," continued the company's statement. "At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation."
It's unclear just exactly how long that will take.
Topics Cybersecurity