Security News > 2021 > May > Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration

The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations.

The Cybersecurity & Infrastructure Agency has posted ransomware guidance and resources, saying that it's engaged with Colonial over the attack.

"The Colonial Pipeline attack reinforces the need to update legacy systems running today's critical infrastructure networks," he said.

Bloomberg reported on Saturday that the attackers actually began to steal Colonial's data on Thursday, a day before triggering the ransomware attack itself, and said that they guzzled 100 gigabytes of data in just two hours on Thursday.

"The Colonial Pipeline vulnerabilities exposed to the internet, including open services on standard ports open to the internet, over the past few months are more than enticing for criminal groups indiscriminately scanning the internet. In light of the news that ransomware was the attack vector of choice, this is more than likely a monetarily motivated effort, likely excluding nation-state adversaries."

Grant Geyer, chief product officer at industrial cybersecurity company Claroty, predicted that the attack against Colonial is just a teaser of future attacks.

News URL

https://threatpost.com/colonial-pipeline-ransomware-emergency-declaration/165977/