
Timeline Colonial Pipeline Attack


On Thursday, May 6th, 2021, hackers, later identified as the criminal group DarkSide, launched a cyberattack on the largest US fuel pipeline, causing a six-day outage that led to fuel shortages and price spikes across the country. In the end, DarkSide ran for the hills. It’s unknown if it took its money with it.

Dates (Days 1 to 4): 06.05, 08.05, 09.05, 10.05

Day 1

Hackers launch Colonial Pipeline cyberattack, causing the biggest US gasoline pipeline to shut down. The hackers steal 100 gigabytes of data before locking computers with ransomware and demanding payment.

Day 2

The US government and unnamed US companies assist Colonial Pipeline in attack response. To stop the flow of stolen Colonial Pipeline data, key servers operated by the hackers are shut off, halting pipeline operations. Colonial Pipeline issues its first statement.

Day 3

A former US government official says investigators are looking at a group dubbed "DarkSide," known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states. Colonial issues its second statement, detailing current status and plan.

Day 4

The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks. Colonial issues its third statement, saying it aims to substantially restore operational service by the end of the week. Colonial issues its fourth statement, advising of its incremental restore strategy.

Dates (Days 5 to 8): 11.05, 12.05, 13.05, 14.05

Day 5

The CISA and FBI issue a cybersecurity advisory describing DarkSide ransomware and risk mitigation strategies. Colonial Pipeline’s website is offline for a portion of the day. Colonial issues its fifth statement, describing alternative fuel shipping strategies and preparations for restart.

Day 6

Colonial issues its sixth statement. At about 5:00 p.m. ET, Colonial Pipeline restarts pipeline operations. It’s reported that panic buying has caused more than 1,000 fuel stations to run out of gasoline in the Southeastern US. Colonial Pipeline’s website is restored.

Day 7

Bloomberg reports that on May 7, 2021, Colonial Pipeline paid nearly $5 million in untraceable cryptocurrency to Eastern European hackers within hours after the attack, contradicting reports that the company had no intention of paying an extortion fee to help restore the fuel pipeline.

Day 8

DarkSide announces it has lost control of its servers and some of the money it received from ransom payments and is shutting down due to pressure from the US. It is unclear if the message is a ruse for the group to avoid paying its partners.
