Cyber Friday the 13th

Colonial Pipeline said there has been no disruption to pipeline operations or its systems after a ransomware gang made several threats last Friday; yes, Friday the 13th. The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from its systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party.  After working with our security and technology teams, as well as our partners at CISA, we can confirm that there has been no disruption to pipeline operations and our system is secure at this time,” a spokesperson for the company said.   “Files that were posted online initially appear to be part of a third-party data breach unrelated to Colonial Pipeline.”[1]

When asked further questions about what third party was attacked, whether that incident involved ransomware and if the situation had been contained, a spokesperson directed inquiries to CISA, which did not respond.

The gang runs a Telegram channel where they boast of attacks and claimed on Friday the 13th, in the afternoon, that they attempted to extort Colonial Pipeline unsuccessfully.  They shared a zip file with stolen documents that security researchers said had documents related to Colonial Pipeline.

The post also includes a photo of Rob Lee, CEO of incident response firm Dragos.  Lee was closely involved in the response to a 2021 ransomware attack on Colonial Pipeline.  The company did not respond to requests for comment, but on Twitter Lee said the claims of data theft were fictitious.

“When we wouldn’t pay their extortion attempt, they’ve been pretty ticked off since.  Have drug my name and the firm every chance they get,” he said.

The 2021 ransomware attack on Colonial Pipeline is largely considered one of the most consequential ransomware attacks in history, shutting down their operations for five days and paralyzing gas stations throughout the East Coast.

The company operates about 5,500 miles of pipeline that delivers gasoline, diesel, jet fuel, home heating oil, and other refined oil products throughout the Southern and Eastern US. Colonial Pipeline ended up paying a $5 million ransom.

The attack made ransomware a household topic and kickstarted a push at all levels of government to address the attacks and the groups behind them. Several new cybersecurity regulations governing pipelines were instituted following the attack.

In June of this year, the US government confirmed that it used controversial digital surveillance powers to identify the individual behind the crippling ransomware attack and to claw back a majority of the millions of dollars in bitcoin the company paid to restore its systems.

Russia arrested one of the people behind the attack in 2022 but it is unclear whether the person was ever convicted of a crime.

Ransomed.vc recently made waves after threatening victims with the prospect of European data breach fines if ransoms for stolen data are not paid.  It defaced a Hawaii state government website last month, and two weeks ago Japanese manufacturing giant Sony told Recorded Future News that it was investigating data theft claims by the group.  But the group’s legitimacy has been questioned, considering none of the victims added to the group’s leak site since it emerged on 15 August have reported incidents.  It is still unclear if the group uses ransomware.

The group claimed to have attacked US credit agency TransUnion, which denied its systems were ever breached but noted that the data being offered for sale may have “come from a third party.”

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has reported extensively on AI technology.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:


REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

[1] https://therecord.media/colonial-pipeline-attributes-ransomware-claims-to-unrelated-third-party-breach
