Pipeline cyberattack was likely the work of a ransomware gang
Details of the industry-hobbling Colonial Pipeline cyberattack are starting to emerge. Reuters and Bloomberg say the hack was likely the work of a cybercriminal group, and that the ransomware gang DarkSide appears to be the primary suspect. Bloomberg claims DarkSide stole almost 100GB of data in two hours on May 6th as part of a "double-extortion scheme" where intruders threatened to both leak company data and lock Colonial out of its information.
It's not certain whether Colonial agreed to pay a ransom. The oil and gas giant reportedly asked FireEye's Mandiant forensics team to help investigate the breach.
The attack was important enough to get the US government's involvement, regardless of who was responsible. Officials were scrambling to help Colonial restore its fuel supply business, while Reuters understood that a government investigation was in the "early stages." President Biden received a briefing on May 8th.