Colonial Pipeline Ransomware Attack

By: Daniel Simonds – Research analyst at the GTPF

On Friday, May 7th, 2021, multiple news sources reported that Colonial Pipeline, a major U.S. pipeline that moves gasoline and other fuels from Texas to the Northeast, was the victim of a cyber-attack that involved ransomware and “affected IT (Information Technology) systems.” Ransomware is a type of malware that essentially takes data or a system hostage: it prevents the actual owner from accessing or using the data or system until they pay the adversary a ransom, after which the adversary will release the data or control of the system back to the owner.

This attack on the Colonial Pipeline is of serious importance because the fuel sector is part of our critical infrastructure. While there is not yet an official statement on attribution for the attack, Reuters has stated that a former U.S. official and three industry sources have implicated the hacker group Darkside as the perpetrator. Darkside is a non-state-affiliated criminal hacking group formed in August of 2020.

This raises the question of whether this ransomware attack is truly a ransomware attack and not a state-sponsored attack disguised as ransomware.