Colonial Pipeline offline due to ransomware attack
On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.
Background
May 6 - Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday before demanding a ransom.
https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown
May 7 - Colonial Pipeline shut down its entire pipeline network due to a ransomware cyber attack.
May 8 - Actor attribution was unknown at the time, but information began to emerge of a threat actor named "DarkSide".
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption
Colonial Pipeline restarted operations on May 12 and took a few days to ramp up to normal operations on or around May 15. DarkSide reportedly demanded a $5M ransom, but the amount paid was not confirmed.
https://www.cnn.com/2021/05/15/politics/colonial-pipeline-returns-normal-operations/index.html
Following the restoration of Colonial, it was reported that DarkSide was shutting down operations.
https://news.yahoo.com/darkside-claims-shutting-down-colonial-162049879.html
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- AV
- AV (Pre-filter)
- Behavior Detection
- Threat Hunting
- Outbreak Detection
- Assisted Response Services
- Automated Response
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
- Vulnerability Management
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.