
Colonial Pipeline is a major supplier of fuel to the Southeastern United States. In April, the company discovered a breach of its computer networks that allowed hackers to access the company’s systems and steal data. The attackers demanded a ransom payment in Bitcoin, a popular cryptocurrency. The attack has been a major news story, especially because it raises questions about the security of operational technology (OT) systems.
DarkSide, an Eastern European criminal hacker organization, is suspected of being behind the attack. It appeared to target Colonial Pipeline in an effort to secure a “quick buck.” After paying the ransom, Colonial said it had restarted operations and would continue to do so. But it was unclear whether the data was recovered and whether the hackers were able to successfully rebrand.
Colonial executives had been unable to operate the pipeline, which supplies 2.5 million barrels of fuel per day, since early May. They resorted to remote access tools, such as VPNs, to get through. Unfortunately, some employees were forced to use unsecured networks, which are a common vulnerability.
In response to the attack, President Joe Biden signed an executive order that requires the Federal Government to improve its cybersecurity. The Department of Justice also seized 64 of the 75 bitcoin that were stolen. Despite this, the company plans to resume normal operations by the end of this week.
The Colonial Pipeline attack has brought to light many important security lessons. It also raises concerns about the security of software supply chains, including third-party vendors. As the threat of a ransomware attack grows, organizations must consider their vulnerabilities and work to develop strategies to prevent future attacks.
Colonial Pipeline’s network was shut down on May 7. That shutdown, which lasted several days, meant the company’s main lines were unusable. Many gas stations ran out of fuel, causing panic. The gas shortage caused by the disruption then spread along the Eastern seaboard.
A spokesperson for the Colonial Pipeline Company said the password on the company’s system was not protected by multi-factor authentication. It was linked to an unused VPN profile, which may have been compromised earlier. However, no one had thought to remove the password or revoke the profile’s access.
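As an added example (not part of the original article), here is a small audit of the kind a defender would run to catch exactly the condition described above: an enabled remote-access account with no MFA that has not been used in months. The account records are constructed sample data, and the 90-day staleness threshold is an assumed policy value.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample of VPN account records (not real Colonial Pipeline data):
# username, last successful login (ISO date or None), MFA enrolled, account enabled.
SAMPLE_VPN_ACCOUNTS = [
    {"user": "legacy-contractor", "last_login": "2020-11-02", "mfa": False, "enabled": True},
    {"user": "ops-engineer", "last_login": "2021-05-06", "mfa": True, "enabled": True},
    {"user": "vendor-support", "last_login": None, "mfa": False, "enabled": True},
    {"user": "former-admin", "last_login": "2021-01-15", "mfa": False, "enabled": False},
]


@dataclass(frozen=True)
class Finding:
    user: str
    reasons: tuple  # e.g. ("no_mfa", "stale")


def audit_vpn_accounts(accounts, today, stale_days=90):
    """Flag enabled VPN accounts that lack MFA or have not been used in stale_days.

    Disabled accounts are skipped: they can no longer be used for remote access.
    Accounts with no recorded login are reported as never used.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        reasons = []
        if not acct["mfa"]:
            reasons.append("no_mfa")
        last = acct["last_login"]
        if last is None:
            reasons.append("never_used")
        elif (today - date.fromisoformat(last)).days > stale_days:
            reasons.append("stale")
        if reasons:
            findings.append(Finding(acct["user"], tuple(reasons)))
    return findings


def run_sample_audit(today_iso="2021-05-07"):
    """Run the audit over the constructed sample as of the given (assumed) date."""
    findings = audit_vpn_accounts(SAMPLE_VPN_ACCOUNTS, date.fromisoformat(today_iso))
    return [(f.user, f.reasons) for f in findings]


if __name__ == "__main__":
    for user, reasons in run_sample_audit():
        print(f"{user}: {', '.join(reasons)}")
```

Each flagged account is a candidate for disabling or forcing MFA enrolment; in practice the records would come from the VPN appliance or identity provider rather than an inline list.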
Even so, the company did not immediately disclose the scope of the compromise or the exact amount of the ransom it paid. However, an employee in the Colonial Energy Control Room saw a note demanding that the company pay the ransom.
In addition to the impact on the fuel supply, the cyberattack affected the company’s IT and billing systems. At least 100 GB of corporate data was lost in just two hours. While it is unclear how much data was stolen or what type of data was exfiltrated, the cyberattack has raised major security concerns.
DarkSide, a cybercriminal group with ties to Russia, is believed to have facilitated the attack. The organization emerged last summer as a ransomware-as-a-service operation, offering its ransomware for use against large, cash-rich organizations.