In bringing the Colonial Pipeline shutdown disaster to a close, the Georgia-based company apparently paid the eastern European hacking group Darkside $5 million to get a decrypting tool within hours of the ransomware attack. But the decryption was so slow that the company had to resort to using backup systems to get its pipeline back in service.
The hacking group known as Darkside attacked Colonial Pipeline using ransomware, in which the attackers remove or encrypt a user’s computer files and decrypt them only once the user has paid the fee the hacking group is demanding. Darkside put out a statement after the Colonial Pipeline shutdown saying it didn’t mean to cause such a serious event and that it is non-political and solely seeking money.
Ransomware attacks have been experienced by hospitals, utility companies, and other companies that provide critical work for the functioning of society. The number of attacks has dramatically increased over the last 10 years according to the FBI, leaving critical companies ever more vulnerable as the nation’s infrastructure is aging and still operating on old technology. There are reports that Colonial Pipeline was still using Windows 2000, which Microsoft stopped supporting years ago.
Fuel shortages hit mostly Georgia, North Carolina, South Carolina and Virginia, though minor shortages did occur in Florida and other East Coast states. Most security experts and officials with the U.S. government believe Darkside operates inside Russia because a piece of code within the ransomware prevents it from attacking companies that use the Russian language.