DarkSide Ransomware
Released: May 14, 2021
Colonial Pipeline offline due to ransomware attack.
On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.
Background
May 6 - Sources told Bloomberg News that the attackers stole nearly 100 gigabytes of data from Colonial's network on Thursday (May 6), before demanding a ransom. https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown
May 7 - Colonial Pipeline shut down its entire pipeline network due to the ransomware attack.
May 8 - Attribution was still unknown at the time, but information began to emerge of a threat actor named "DarkSide".
Latest Development
https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption
Colonial Pipeline restarted operations on May 12 and took a few days to ramp up, returning to normal operations on or around May 15. DarkSide was reported to have demanded a $5M ransom; how much was actually paid was not confirmed. https://www.cnn.com/2021/05/15/politics/colonial-pipeline-returns-normal-operations/index.html
Following the restoration of Colonial's operations, it was reported that DarkSide was shutting down its operation. https://news.yahoo.com/darkside-claims-shutting-down-colonial-162049879.html
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

Lure / Decoy VM: Use FortiDeceptor decoys and deception lures (cached credentials, SMB and RDP) to detect activity related to the DarkSide ransomware attack.
AV / AV (Pre-filter): Detects and blocks the malware file.
Behavior Detection: Existing behaviour detection of the ransomware (launching files, visible windows, etc.).
Threat Hunting
Outbreak Detection
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously targeted by phishing, drive-by downloads and other forms of cyberattack.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Vulnerability Management: Reduce the attack surface exposed by software vulnerabilities via systematic and automated patching.
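The lure entries above rely on a simple idea: plant fake cached credentials and SMB/RDP decoys that no legitimate user ever touches, so any logon with a planted account is a high-fidelity signal of credential theft or lateral movement. The following is an added example, not FortiDeceptor's or Fortinet's code, showing the detection half of that idea in Python over constructed, simplified Windows logon events (4624 success, 4625 failure). The honeytoken account names, hosts, IP addresses and the flat key=value event format are assumptions for illustration; the logon-type meanings (3 = network/SMB, 10 = RDP) are standard Windows values.

```python
"""Honeytoken (cached-credential lure) detection over Windows logon events.

Added example, not FortiDeceptor's or Fortinet's code. A planted account has
no legitimate use, so any logon attempt with it, successful or not, is worth
an alert. The event layout below is a constructed, simplified rendering of
Windows Security events 4624 and 4625; names, hosts and addresses are invented.
"""
from dataclasses import dataclass
import re

# Honeytoken accounts planted by the defender (assumption for this example).
HONEYTOKENS = {"svc_backup_adm", "helpdesk-temp"}

# Windows logon types relevant to SMB and RDP lateral movement.
LOGON_TYPE_NAMES = {
    2: "Interactive",
    3: "Network (SMB/file share)",
    10: "RemoteInteractive (RDP)",
}


@dataclass(frozen=True)
class Alert:
    host: str
    account: str
    source_ip: str
    logon_type: int
    outcome: str

    @property
    def vector(self) -> str:
        return LOGON_TYPE_NAMES.get(self.logon_type, f"LogonType {self.logon_type}")


# Constructed flat event format (assumption); a real pipeline would read EVTX/XML.
_EVENT_RE = re.compile(
    r"host=(?P<host>\S+)\s+event_id=(?P<eid>4624|4625)\s+"
    r"account=(?P<account>\S+)\s+logon_type=(?P<lt>\d+)\s+"
    r"src_ip=(?P<ip>\S+)"
)


def detect_honeytoken_use(lines, honeytokens=HONEYTOKENS):
    """Return one Alert per logon event (4624 or 4625) that uses a honeytoken.

    Failures are reported too: a failed logon with a lure account still means
    someone holds a credential that only exists as bait.
    """
    tokens = {h.lower() for h in honeytokens}
    alerts = []
    for line in lines:
        m = _EVENT_RE.search(line)
        if not m:
            continue  # unrelated event id or malformed line
        # Strip a DOMAIN\ prefix so CORP\svc_backup_adm matches the token.
        account = m.group("account").lower().rsplit("\\", 1)[-1]
        if account not in tokens:
            continue
        alerts.append(Alert(
            host=m.group("host"),
            account=account,
            source_ip=m.group("ip"),
            logon_type=int(m.group("lt")),
            outcome="success" if m.group("eid") == "4624" else "failure",
        ))
    return alerts


# Constructed sample log: a normal logon, an SMB logon with a lure account,
# a failed RDP attempt with another lure account, and an unrelated event.
SAMPLE_LOG = [
    "host=FS01 event_id=4624 account=CORP\\jdoe logon_type=3 src_ip=10.0.4.21",
    "host=FS01 event_id=4624 account=CORP\\svc_backup_adm logon_type=3 src_ip=10.0.9.77",
    "host=RDS02 event_id=4625 account=helpdesk-temp logon_type=10 src_ip=10.0.9.77",
    "host=FS01 event_id=4672 account=CORP\\jdoe",
]

if __name__ == "__main__":
    for a in detect_honeytoken_use(SAMPLE_LOG):
        print(f"ALERT {a.host}: {a.account} via {a.vector} from {a.source_ip} ({a.outcome})")
```

Both alerts in the sample share a source address, which is the pivot an analyst would use next: a single host touching two different lures over SMB and RDP is the lateral-movement pattern the decoys are meant to expose.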
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix