
DarkSide Ransomware

Released: May 14, 2021


High Severity

Ransomware Type

Colonial Pipeline offline due to ransomware attack.

On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.

Background

  • May 6 - Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday before demanding a ransom. https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown
  • May 7 - Colonial Pipeline shut down its entire pipeline network due to a ransomware cyber attack.
  • May 8 - Actor attribution was unknown at the time, but information began to emerge of a threat actor named "DarkSide".

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption


Colonial Pipeline restarted operations on May 12 and took a few days to ramp up, returning to normal operations on or around May 15. DarkSide was reported to have demanded a $5M ransom; how much was actually paid was not confirmed. https://www.cnn.com/2021/05/15/politics/colonial-pipeline-returns-normal-operations/index.html Following the restoration of Colonial, it was reported that DarkSide was shutting down its operations. https://news.yahoo.com/darkside-claims-shutting-down-colonial-162049879.html

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
DETECT
RESPOND
  • Assisted Response Services
  • Automated Response
RECOVER
  • NOC/SOC Training
  • End-User Training
IDENTIFY
  • Attack Surface Hardening
  • Vulnerability Management

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise

IOC Indicator List

References

Sources of information supporting and relating to this Outbreak and the vendor.