x
Breaking News
More () »

Columbia's Leading Local News: Weather, Traffic, Sports and more | Columbia, South Carolina | WLTX.com

Local cybersecurity experts explain ransomware attacks

Colonial Pipeline fell victim to a ransomware attack and had to shut down operations, what experts say about this kind of "cyber-extortion".

COLUMBIA, S.C. — Colonial Pipeline, a major fuel transport company on the East Coast, fell victim to ransomware by a hacker gang known as DarkSide. 

The ransomware attack, some are calling cyberextortion, forced the company to shut down most of their operations. 

Cybersecurity experts say the group responsible, DarkSide, is known for targeting large companies for money.

"DarkSide is actually really, really advanced," Stewart Davis said. Davis owns a Columbia-based cybersecurity company called Cavorn Security with her husband.

Colonial Pipeline, the company responsible for transporting almost half of the East Coast’s gas and fuel supply, announced Friday they were suffering from a cyber attack. 

U.S. officials have confirmed DarkSide is responsible.

RELATED: Pipeline hit by cyberattack could be back by week's end

"DarkSide is what we refer to as 'ransomware as a corporation.' They’re strictly financially motivated," said Davis.

She added that the group targets companies with a lot of liquid assets that could potentially pay a big ransom.

"The ultimate goal is to extort money from the victim, and the amount depends on what they estimate the damage would be," said USC Computer Science professor Dr. Chin-Tser Huang.

He added that hackers look for vulnerabilities in computer systems to inject their malware and take over a company’s data.

"They can start to get some privileges and try to encrypt data or block access rights to prevent legitimate users from logging in," explained Huang.

Colonial Pipeline has not shared what the ransomware is doing to their servers or if DarkSide has asked them for money. Late Sunday, the company said they’ve gone offline to contain the threat and are working to restore their operations and I.T. systems.

RELATED: SC gas prices, supply could be impacted by pipeline cyberattack, providers prepare

Davis told News19 most ransomware attacks come from malicious emails, which companies can help prevent.

"Making sure that end-users are consistently following proper procedures when it comes to emails and work stations is a huge defensive weapon that companies can have in their arsenal," she said.

On Monday, Colonial Pipeline said they're still working with the federal government to get back online. They said the "situation remains fluid and continues to evolve."