Colonial Pipeline Ransomware Attackers Use Compromised Password to Infiltrate Company’s VPN

It turns out that the cyberattack that shut down Colonial Pipeline for a couple of days is rooted in a single compromised password of the company's virtual private network account.

Photo caption: WOODBINE, MD - MAY 13: In an aerial view, fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station on May 13, 2021 in Woodbine, Maryland. The Colonial Pipeline has returned to operations following a cyberattack that disrupted gas supply for the eastern U.S. for days. Photo by Drew Angerer/Getty Images

It enabled the ransomware group to infiltrate the system of the largest fuel pipeline in the United States on April 29, Bloomberg reported.

Charles Carmakal, Senior Vice President of Mandiant, a FireEye subsidiary, said that the hackers took advantage of the VPN that gives employees remote access to the company's computer network.

Carmakal added that the VPN account the hackers used as a backdoor was already deactivated or no longer in use, yet it still had access to Colonial Pipeline's network.

Password From the Dark Web

The password the criminals used may have belonged to a former employee whose credentials were compromised.

However, Carmakal noted that it is still unclear how the hackers obtained the login credentials, and that this may never be determined.

Engadget noted that there was no sign of phishing. So it may be that the ransomware gang simply reused the password, which was available on the dark web along with other stolen login credentials.

Nevertheless, how the password ended up on the dark web remains a mystery.
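The detail that matters for defenders in this account is that a VPN account nobody was supposed to be using still had a working credential, and a single password was enough to get in. The script below is an added example, not code from the article, Colonial Pipeline or Mandiant: it reads VPN authentication log lines in a hypothetical format, compares each successful login against an account inventory, and flags logins that hit an account marked inactive, an account that was let in with a password alone, or an account that had been dormant for longer than a threshold. The log format, account names, IP addresses and inventory values are all constructed for the example.

```python
"""Flag VPN logins from accounts that should be dormant or deprovisioned.

Added example, not from the article or the organisations it names. Parses
constructed VPN auth log lines, checks each successful login against a
constructed account inventory, and reports the ones a defender should look at.
"""
from datetime import datetime, timedelta
import re

# Constructed log lines in a hypothetical VPN appliance format.
VPN_LOG = """\
2021-03-01T08:02:11Z vpn-gw1 auth user=jdoe result=success src=203.0.113.10
2021-04-02T09:15:40Z vpn-gw1 auth user=asmith result=success src=198.51.100.7
2021-04-29T03:41:05Z vpn-gw1 auth user=legacy-contractor result=success src=192.0.2.77
2021-04-29T03:41:09Z vpn-gw1 auth user=jdoe result=failure src=192.0.2.77
2021-04-29T04:02:51Z vpn-gw1 auth user=asmith result=success src=198.51.100.7
2021-04-29T09:10:00Z vpn-gw1 auth user=jdoe result=success src=203.0.113.10
"""

# Constructed account inventory, i.e. what the identity/HR system believes.
# 'legacy-contractor' is marked inactive but can still authenticate to the VPN.
ACCOUNTS = {
    "jdoe": {"status": "active", "mfa": True},
    "asmith": {"status": "active", "mfa": True},
    "legacy-contractor": {"status": "inactive", "mfa": False},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"result=(?P<result>\S+) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield rec


def find_suspicious_logins(log_text, accounts, dormant_days=30):
    """Return (user, iso_timestamp, reason) tuples for successful logins that
    hit an account marked non-active, an account without MFA, or an account
    whose previous successful login was more than dormant_days earlier."""
    findings = []
    last_seen = {}
    for rec in sorted(parse_log(log_text), key=lambda r: r["ts"]):
        if rec["result"] != "success":
            continue
        user, ts = rec["user"], rec["ts"]
        info = accounts.get(user)
        reasons = []
        if info is None:
            reasons.append("unknown account")
        else:
            if info["status"] != "active":
                reasons.append("account marked %s" % info["status"])
            if not info["mfa"]:
                reasons.append("no MFA enforced")
        prev = last_seen.get(user)
        if prev is not None and ts - prev > timedelta(days=dormant_days):
            reasons.append("dormant for %d days" % (ts - prev).days)
        last_seen[user] = ts
        for reason in reasons:
            findings.append((user, ts.isoformat(), reason))
    return findings


if __name__ == "__main__":
    for user, when, reason in find_suspicious_logins(VPN_LOG, ACCOUNTS):
        print("%s %s: %s" % (when, user, reason))
```

The inventory check is the part that would have mattered most here: a login against an account the identity system already considers inactive is a finding on its own, independent of how the password leaked. The dormancy check needs a baseline of prior logins, so in practice it is fed from a longer retention window than the few constructed lines above.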

Ransom Note

Meanwhile, Joseph Blount, Colonial Pipeline CEO, said that the attack became known through a single note.

More precisely, an employee first saw a message demanding a cryptocurrency ransom on one of the company's computer screens on May 7, a few minutes before 5 a.m.

It seems like a scene straight out of a blockbuster action movie.

Moreover, Blount said that about an hour later, at 6:10 a.m. to be exact, the whole pipeline had shut down its operations.


Colonial Pipeline Shutdown

Within a few more hours, the company warned Americans of a looming gas shortage. President Joe Biden even had to declare a state of emergency so that fuel could continue to be transported overland.

At least 11 states were affected by the fuel shortage caused by the shutdown and made worse by panic buying among car owners. The strain was not limited to road vehicles; jets and airlines also felt the effects of the attack.

Colonial Pipeline later paid a ransom of bitcoin worth a whopping $4.4 million to restore its services. However, the company was dismayed to find that the decryption tool provided by the ransomware gang took too long to restore the system.

Hence, Colonial had to restore its systems on its own, despite paying a hefty ransom.


This article is owned by TechTimes

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.