DarkSide Ransomware Gang Hits US-based Pipeline

Ransomware gangs are becoming bolder and bolder with their attacks. Just a few years ago, the majority of attacks were focused on home users, and the criminals behind them demanded a few hundred dollars in exchange for a decryptor. However, more advanced ransomware developers have set their sights higher. Recently, the DarkSide APT (DarkSide Ransomware gang) carried out an attack against the Colonial Pipeline, one of largest fuel pipelines in the US. It is responsible for carrying over 2.5 million barrels of diesel, jet fuel, and petrol daily. Its operations were abruptly halted on May 6 after the network was compromised by the DarkSide APT.

The DarkSide hackers have evolved their ransomware attacks, and encrypting the victim's files is just one of the malicious tasks they perform. Their implant also has the ability to steal data from the compromised network and transfer it to the attacker's server. Allegedly, the DarkSide APT hackers managed to steal over 100GB of data from the Colonial Pipeline network and stored it on a public cloud service. The criminals threatened to publish the documents and files online unless the company pays up – thankfully, law enforcement agencies managed to take down the attacker's storage. However, there is a chance that the criminals might still be in possession of some stolen documents.

The recent DarkSide APT attack against Colonial Pipeline also asks for a spectacular ransom amount – the criminals demand to receive $2,000,000 via Bitcoin or Monero, and they also threaten to double it to $4,000,000 after some time. Previously, the DarkSide APT hackers carried out ransomware attacks against smaller companies, and they have already released stolen documents from victims who did not pay. So far, no data from Colonial Pipeline has been leaked.