Compromise
Severity: Critical
2021-05-07
DarkSide affiliate compromises Colonial Pipeline, halts East Coast fuel
published by CISA
Actor
Russian-speaking ransomware-as-a-service operation active from August 2020 to May 2021, when an affiliate's compromise of Colonial Pipeline triggered the fuel-supply crisis on the U.S. East Coast and…
Summary
A DarkSide affiliate compromised Colonial Pipeline — the operator of the largest refined-products pipeline in the United States, supplying ~45% of East Coast fuel — and encrypted business systems. Colonial proactively shut down operational systems and paid a $4.4M ransom; the FBI later recovered ~$2.3M of the BTC. The incident triggered fuel shortages across multiple southeastern states, executive-branch attention from the White House, and the policy pressure that drove DarkSide to shut down its operation within weeks.
Tags
critical-infrastructure, ransomware, energy, us