The RANSOMEDVC ransomware group has declared that it successfully infiltrated Colonial Pipeline, the American company operating a significant pipeline system that transports over 100 million gallons of various petroleum products, including gasoline, diesel fuel, and jet fuel, on a daily basis.
In response to the claim, the Alpharetta-based company, which delivers about 45% of the gasoline consumed on the East Coast, says the data posted online appears to come from a third-party vendor and not from within the company itself.
These latest claims surfaced through posts on the group's dark web blog. The group also shared its claims via its recently launched Telegram channel and its X (previously Twitter) account. RANSOMEDVC is the same group that claimed to have breached Sony last month.
Threat actors publicly shared a file containing 5GB of data, claiming it belongs to Colonial Pipeline. Hackread.com has examined and analyzed this data. While it’s premature to draw definitive conclusions, the files and folders appear to contain a wealth of information, including diagrams, internal documents, leak detection policies, ICS and SCADA-related presentations, as well as photos of employees handling electronic equipment, among other things.
The statement released late Friday reads:
“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After working with our security and technology teams, as well as our partners at CISA, we can confirm that there has been no disruption to pipeline operations and our system is secure at this time. Files that were posted online initially appear to be part of a third-party data breach unrelated to Colonial Pipeline.”
This isn’t the first time that a ransomware group has breached Colonial Pipeline. In May 2021, a group called DarkSide successfully infiltrated its systems, resulting in significant operational disruption.
Colonial Pipeline paid a ransom of 75 Bitcoin to the DarkSide ransomware gang on May 7, 2021, amounting to approximately $4.4 million at that time. The ransom was paid to regain access to their systems and expedite the resumption of operations.