Colonial Pipeline, one of the largest fuel pipelines in the US, is carrying out a mitigation effort in which it sends alerts and notifications to the individuals affected by a data breach stemming from the DarkSide ransomware attack last May.
According to Colonial Pipeline, the company only recently learned the extent of the DarkSide attack and found that the threat actors were able to steal and exploit almost 6,000 individual documents containing sensitive information. The stolen data reportedly includes names, contact details, birthdays, government-issued identification information, and health details such as insurance data of the victims. As the CEO and President of Colonial Pipeline pointed out, however, not every affected individual had all of these data types exposed; some were affected to a lesser degree.
Colonial Pipeline temporarily pauses operation following the DarkSide ransomware attack
When the networks of Colonial Pipeline were hit by the DarkSide ransomware gang on May 6th, 2021, many reliable sources reported after investigation that the threat actors were able to steal about 100GB of important and highly sensitive data from the fuel pipeline's systems, in an attack that lasted over two hours.
The fuel firm mitigated the problem by halting its pipeline operations and IT systems while its internal teams worked against the ransomware attack. It proactively took some of its significant systems offline in order to fully contain the ongoing threat.
The shutdown of the fuel company was immediately followed by action from the Department of Transportation's Federal Motor Carrier Safety Administration (FMCSA), which declared a state of emergency covering up to 17 US states as well as the District of Columbia. Due to the heightened attention that the DarkSide threat actors received from the US government, the media, and law enforcement, they eventually ceased their operations.
The rise of the BlackMatter
Within a couple of months of the DarkSide ransomware shutting down, a brand-new ransomware operation called BlackMatter emerged. BlackMatter buys network access from other threat actors and then executes its planned attacks against its victims, mostly corporations and large firms. It demands ransoms that range up to 4 million dollars.
Researchers believe that BlackMatter is simply a rebranded version of the infamous DarkSide ransomware.