The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter.
The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said.
The move was part of a double-extortion scheme that is one of the group’s hallmarks. Colonial was threatened that the stolen data would be leaked to the internet while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom, said the people, who asked not to be identified because the information isn’t public.
Colonial’s decision late Friday to shut down a pipeline that is the main source of gasoline, diesel and jet fuel for the East Coast, without saying when it would reopen, represents a dangerous new escalation in the fight against ransomware, which President Joe Biden’s administration has identified as a priority.
It’s not clear how much money the attackers demanded or whether Colonial has paid. Ransomware demands can range from several hundred dollars to millions of dollars in cryptocurrency. Many companies pay, often facilitated by their insurers.
AXA SA, one of Europe’s top insurance companies, said this week that it would break with that trend and stop offering policies in France that reimburse customers for payments made to ransomware hackers, which could be the first in the industry, the Associated Press reported.
The post Colonial Hackers Stole Data Thursday Ahead of Shutdown appeared first on .