
Related Attacks (Unit 5)


On April 29, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Russian-based hacker group DarkSide was behind the attack; the attack vector was legacy VPN software combined with leaked credentials. Colonial Pipeline paid the ransom of USD 4.4 million and also faced a lawsuit from EZ Mart, which represents 11,000 gas stations affected by the disruption.

SamSam, 2018. This ransomware dates back to late 2015 but gained traction after it infected the city of Atlanta’s transportation department, causing an abrupt halt in services. It was also used against more than 200 organizations and companies in the US and Canada, such as hospitals, municipalities and public institutions. A loss of USD 30 million was estimated because of the attack.

[A curious fact about SamSam is that the victim is asked to make a first payment for a first key, which unlocks only a few machines. This is presented as a sign of honesty: “With buying the first key, you will find that we are honest”, says the ransomware message. Would you believe that?]

Petya, 2016. Attacks were sent randomly to many users via emails with malicious attachments. Petya works by infecting the boot record of machines that run Windows; that is, it blocks the operating system as a whole. To unlock a machine, the victim is asked to pay a ransom of around USD 300 per user.


This type of ransomware affected organizations around the world, such as banks and companies in the transportation, oil, food and health sectors. Examples include the National Bank of Ukraine, Mondelez (food company), Merck (pharmaceutical company) and Rosneft (oil company).
