Hackers stole data during the Colonial Pipeline cyberattack Thursday ahead of the pipeline operator shutting down from the apparent attack, according to news reports.
The hackers of the 5,500 miles pipeline reportedly started their attack Thursday, “stealing a large amount of data before locking computers with ransomware and demanding payment,” according to people familiar with the matter who spoke with Bloomberg.
Reportedly, the hackers are from DarkSide, a cybercrime gang. They stole nearly 100 gigabytes of data within two hours from the company network, which is based in Alpharetta, Georgia, according to the two officials involved that spoke with Bloomberg.
According to Bloomberg, this was a “double-extortion” scheme which appears to be the DarkSide trademark.
Colonial was threatened that the stolen data would be leaked to the internet while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom, said the people, who asked not to be identified because the information isn’t public.
The company didn’t immediately respond to requests to comment on the investigation. It said earlier that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
It’s not clear how much money the attackers demanded or whether Colonial has paid. Ransomware demands can range from several hundred dollars to millions of dollars in cryptocurrency. Many companies pay, often facilitated by their insurers.
President Joe Biden was briefed on the attack Saturday morning, the White House told Bloomberg.
The major fueling pipeline had been taken offline late Friday by its operator due to the attack, according to reports. It originally appeared to be an attempt to disrupt vulnerable energy infrastructure since the pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York. The pipeline carries 45 percent of the East Coast’s fuel supplies, which equates to 2.5 million barrels each day, the Times reported.
In a press release over the weekend, Colonial Pipeline said to “minimize disruption to our customers and those who rely on Colonial Pipeline,” it is already “diligently” working on the process. When the news broke, Federal law enforcement and homeland security officials were already starting to investigate, according to a report.