Last month’s oil pipe ransomware incident spurred fuel / hoarding and $ 4.4 payment to the attackers seemed to have been traced back to the VPN login that was not used but still active. Showering Exec Charles CarmaKal told Bloomberg that their analysis of attacks found that suspicious activities on the colonial pipeline networkThe ‘Bulletin’ Facebook Bulletin Platform can be launched before the end of June began April 29.
Even though they cannot confirm how the attackers get logged in, there seems to be no evidence of phishing, sophisticated or vice versa techniques. What they found was that the employee password was present in the Dump Login distributed on the dark web, so if it was reused and the attacker matched the username, it could be the answer to how they entered.
Then, a little more than a week later the ransom appeared on the computer screen and the Pipeline Capital staff began to turn off the operation. While this is only one in a series of similar incidents that never end, the impact of the shutdown is quite large so that the CEO of Pipeline Capital is scheduled to testify in front of the Congress Committee next week, and doj has focused a ransomware response in a similar way. That way is related to cases of terrorism.