Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations.
The Cybersecurity & Infrastructure Agency has posted ransomware guidance and resources, saying that it's engaged with Colonial over the attack.
"The Colonial Pipeline attack reinforces the need to update legacy systems running today's critical infrastructure networks," he said.
Bloomberg reported on Saturday that the attackers began stealing Colonial's data on Thursday, a day before triggering the ransomware attack itself, and that they took 100 gigabytes of data in just two hours.
"The Colonial Pipeline vulnerabilities exposed to the internet, including open services on standard ports open to the internet, over the past few months are more than enticing for criminal groups indiscriminately scanning the internet. In light of the news that ransomware was the attack vector of choice, this is more than likely a monetarily motivated effort, likely excluding nation-state adversaries."
Grant Geyer, chief product officer at industrial cybersecurity company Claroty, predicted that the attack against Colonial is just a teaser of future attacks.
News URL
https://threatpost.com/colonial-pipeline-ransomware-emergency-declaration/165977/