December 2, 2023

Colonial Pipeline said there was no disruption to pipeline operations or their systems after a ransomware gang made several threats on Friday afternoon.

The company – which runs the most important pipeline system for refined oil products in the U.S. – addressed claims made by the gang that data had been stolen from their systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After working with our security and technology teams, as well as our partners at CISA, we can confirm that there has been no disruption to pipeline operations and our system is secure at this time,” a spokesperson for the company said.

“Files that were posted online initially appear to be part of a third-party data breach unrelated to Colonial Pipeline.”

When asked further questions about what third party was attacked, whether that incident involved ransomware and if the situation had been contained, a spokesperson directed Recorded Future News to CISA, which did not respond.

The gang runs a Telegram channel where they boast of attacks, and claimed on Friday afternoon that they tried to extort Colonial Pipeline unsuccessfully. They shared a zip file with stolen documents that security researchers said had documents related to Colonial Pipeline.

The post also includes a photo of Rob Lee, CEO of incident response firm Dragos. Lee was closely involved in the response to a 2021 ransomware attack on Colonial Pipeline. The company did not respond to requests for comment, but on Twitter Lee said the claims of data theft were fictitious.

“When we wouldn’t pay their extortion attempt they’ve been pretty ticked off since. Have drug my name and the firm every chance they get,” he said.

The 2021 ransomware attack on Colonial Pipeline is largely considered one of the most consequential ransomware attacks in history, shutting down their operations for five days and paralyzing gas stations throughout the East Coast.

The company operates about 5,500 miles of pipeline that delivers gasoline, diesel, jet fuel, home heating oil, and other refined oil products throughout the Southern and Eastern U.S. Colonial Pipeline ended up paying a $5 million ransom.

The attack made ransomware a household topic and kickstarted a push at all levels of government to address the attacks and the groups behind them. Several new cybersecurity regulations governing pipelines were instituted following the attack.

In June, the U.S. government confirmed that it used controversial digital surveillance powers to identify the individual behind the crippling ransomware attack and to claw back a majority of the millions of dollars in bitcoin the company paid to restore its systems.

Russia arrested one of the people behind the attack in 2022 but it’s unclear whether the person was ever convicted of a crime.

The group recently made waves after threatening victims with the prospect of European data breach fines if ransoms for stolen data are not paid. It defaced a Hawaiʻi state government website last month, and two weeks ago Japanese manufacturing giant Sony told Recorded Future News that it was investigating data theft claims by the group.

But the group’s legitimacy has been questioned, considering none of the victims added to the group’s leak site since it emerged on August 15 have reported incidents. It’s still unclear if the group actually uses ransomware.

The group claimed to have attacked U.S. credit agency TransUnion – which denied its systems were ever breached but noted that the data being offered for sale may have “come from a third party.”

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.