May, 2021 Colonial Pipeline Ransomware Attack

A criminal gang launches a ransomware attack against Colonial Pipeline. This shuts down gasoline deliveries to the entire East Coast of the United States for six days. Nope, not fiction. Real life. People ask why we tolerate cyberattacks like these. This is the wrong question. The right question is, why are our defenses so bad? This one was a giant inconvenience to millions of Americans and played out over a couple of weeks. The next one might be worse. Maybe we’ll finally open our eyes.

Wednesday, May 12, 2021, WCCO AM 830 with Cory Hepola

Friday, May 14, 2021, WCCO AM 830 with Cory Hepola

Sunday, May 16, 2021, AM1280 The Patriot with Brad Carlson


WCCO AM 830 with Cory Hepola, Wednesday, May 12, 2021; Colonial Pipeline Ransomware

Friday, May 14, 2021 after we learned Colonial Paid a $5 million ransom

AM1280 The Patriot, with Brad Carlson, Sunday, Jan 16, 2021; Colonial Pipeline Ransomware and some 2020 election hangover

Here is a frame with the recording from the AM1280 The Patriot website. My portion starts around the 33-minute mark.

Here is the FireEye blog about the DarkSide ransomware-as-a-service gang.

Colonial paid a $5 million ransom to its attackers for a decryption tool. But…

“Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.”

From the Bloomberg article linked above

Kim Zetter also has a couple of great articles from first-hand sources on her Zero Day blog.

In the wake of the Colonial Pipeline, Microsoft Exchange, SolarWinds, and thousands of other incidents, President Biden issued an executive order on May 12, 2021 with a goal to improve our nation’s cybersecurity. It calls for a standard incident response playbook, establishes a cybersecurity review board, encourages information sharing, and uses the Federal Government’s clout as a large customer to encourage suppliers to adopt best practices when building new versions of their software products.

Will the executive order make a difference? Maybe. It’s overdue. But dealing with the government often devolves into courting relationships instead of substance, and this well-intentioned order could fall victim to the same old good ol’ boy network.
