21. May 2021
This article has been indexed from CSO Online
The cyber attack on Colonial Pipeline is the latest in an increasing number of ransomware attacks that have been targeting both private enterprise and the public sector.
In this case, it appears that the ransomware variant involved is DarkSide, which ExtraHop has seen in customer environments. This campaign starts by mapping the environment and exfiltrating data, meaning that the attackers likely now have access to detailed information about the company and its pipeline operations. Then the attackers start encrypting systems, making entire portions of the infrastructure unavailable.
This two-pronged approach has become increasingly common, used in major attacks such as the recent REvil attacks on Acer. Exfiltrating potentially sensitive data gives added leverage to attackers and makes detecting and stopping ransomware even more important.