ORX News Deep Dive: Colpipe pay $4.4m ransom

  • 17 September 2021

Download the free Deep Dive from ORX News to find out why ColPipe paid a ransom of USD 4.4 million following a cyber attack. The ransomware attack had forced one of the US’s largest pipelines, operated by ColPipe, to shut down operations.

Download the ORX News Colpipe Deep Dive

About ORX News Deep Dives

ORX News Deep Dives are a chance to explore specific losses in more detail – they analyse the event, provide information about what happened and explore the risk factors and impacts. Subscribers to ORX News can request up to three Deep Dives each year for free and access a library of more than 100 Deep Dives.

Get global operational loss events direct to your desktop with ORX News

Colpipe Deep Dive

ColPipe pays USD 4.4 million ransom following cyber-attack disrupting operations for six days

Introduction

On 8 May 2021, CNN reported that a ransomware attack had forced one of the US’s largest pipelines, operated by Colonial Pipeline (ColPipe), to shut down operations. On 13 May 2021, Bloomberg reported that on 7 May 2021, hours after the attack had been discovered, ColPipe paid a USD 5 million ransom in cryptocurrency to cyber-criminal gang DarkSide. On 19 May 2021, ColPipe's Chief Executive Officer (CEO) confirmed it had paid a ransom of USD 4.4 million (EUR 3.7 million).

CNN reports that ColPipe was founded in 1962 and transports 45 per cent of all gasoline, diesel and jet fuel consumed on the US East Coast. The BBC reported on 9 May 2021 that cyber-criminal gang DarkSide had been officially confirmed as responsible for the incident by the US Federal Bureau of Investigation (FBI).

DarkSide is one of many ransomware gangs extorting victims while avoiding targets in post-Soviet states. These groups gain access to private networks, encrypt files using ransomware, and often also steal data. They then demand payment to decrypt the files and/or ask for additional money not to publish the stolen content.

ColPipe said it learned about the attack on 7 May 2021. According to Reuters, the hacking group gained access to ColPipe’s cloud computing system and stole over 100 gigabytes (GB) of data which the hackers threatened to leak online. The system was taken offline on 8 May 2021. Reuters also reports that ColPipe's data did not appear to have been transferred from that system to anywhere else, potentially limiting the hackers' leverage to extort or further embarrass the company.

In response to the incident, ColPipe said it had taken certain systems offline to contain the threat, which had temporarily halted all pipeline operations and affected some IT systems. ColPipe also engaged third-party firm FireEye Mandiant to investigate the incident and contacted law enforcement and other federal agencies.

Continue reading the ORX News Colpipe Deep Dive

Download the free Deep Dive to find out how this attack resulted in Colpipe paying a $4.4m ransom

Although Deep Dives are usually only available to ORX News subscribers, we've made this one freely available. Download it to find out more about the loss event, its impact, the internal and external risk factors involved and what remedial measures were taken.

ORX News

Whether you’re looking to enrich your operational risk loss data, train employees or enhance your scenario programme, ORX News can help. We provide publicly-reported operational risk loss event information to financial firms around the world.

Find out more about ORX News