Colonial Pipeline Attributes Ransomware Claims to ‘Unrelated’ Third-Party Data Breach

Cyber Security Threat Summary:
Colonial Pipeline has reported that there has been no disruption to its pipeline operations or systems following threats from a ransomware group known as Ransomed.vc. Colonial Pipeline is responsible for operating the largest pipeline system for refined oil products in the United States. The Ransomed.vc gang claimed that they had stolen data from Colonial Pipeline's systems.

Colonial Pipeline referred to the claims made by Ransomed.vc as "unsubstantiated." To confirm the security of their systems, they collaborated with their security and technology teams and the Cybersecurity and Infrastructure Security Agency (CISA). The company confirmed that there had been no disruption to their pipeline operations and that their system remained secure. They suggested that the files initially posted online appeared to be related to a third-party data breach that was unrelated to Colonial Pipeline.

Ransomed.vc, the ransomware gang, operates a Telegram channel where they openly discuss their attacks. They claimed to have attempted to extort Colonial Pipeline but were unsuccessful in their endeavor. To support their claim, they shared a zip file containing stolen documents that purportedly had a connection to Colonial Pipeline.

The post also included a photo of Rob Lee, the CEO of the incident response firm Dragos. While the company did not provide a comment, Rob Lee responded on Twitter, stating that the claims of data theft were fictitious. He mentioned that the gang was upset because their extortion attempt had failed.

Security Officer Comments:
Ransomware threat actors often leave backdoors in breached networks. This persistence allows them to maintain control and re-enter the system, posing ongoing threats. The 2021 Colonial Pipeline ransomware attack had a substantial impact, leading to a shutdown and a $5 million ransom. Ransomed.vc is known for recent threats, but its methods remain unclear. Backdoors can make it challenging to assess breaches, which underscores the need for robust cybersecurity measures and response strategies.

Suggested Correction(s):
False accusations can have diverse ramifications for the companies they target, regardless of whether the claims are legitimate or not. Companies must be prepared for false allegations and able to promptly respond to media requests if they want to protect their reputation and maintain the trust of their stakeholders.

Swift and transparent communication can be vital in mitigating the potential damage to a company's brand and public perception, demonstrating a commitment to ethical practices, and ensuring that facts are accurately presented to the public.

This proactive approach not only safeguards the company's integrity but also positions it as an organization that takes accountability and transparency seriously, helping to maintain the confidence of customers, investors, and the wider public.

Link(s):
https://therecord.media/