The Occurrence:
At approximately 14:35 GMT on Oct 13th of 2023, There was a alleged data breach, Ransomed.vc ransomware group that had claimed they had to taken full control of systems of the Colonial Pipeline in the US. This notification comes from the Ransomed.vc Telegram channel, stating they had taken full control of the systems and that if Colonial systems hadn’t wanted to pay, that they should share it with their beloved friends. Then posted a list of download backup links via torrents.
Fellow Cybersecurity Analyst Dominic Alvieri was first on site to report about the Colonial pipelines possible exposure, at approximately 14:36 PM GMT, Confirming that the validity of the breach had not been confirmed at that time.
The Response:
Reported by Sean Lyngrass a Cybersecurity Reporter at approximately 17:46 GMT; Colonial Pipeline was aware of the unsubstantiated claims that were posted to the online forum via telegram about their systems being breached and compromised by the unknown actor. After working with CISA and the security/technology teams they had confirmed no disruptions to the pipeline operations and at that point in time the system was secure. With the confirmation of this, the files that had been supposedly exposed in connection to the Colonial Pipeline systems, were that of an unrelated third-party data breach.
Final Notes on the Incident:
Robert M Lee, the CEO of Dragos (a tech company with the primary focus on cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments.) had this to say on his twitter shortly after the first allegation of the breach that occurred: “PSA: Criminal groups lie. Yes even, and especially, ransomware group ones. Exhausting but pointless.”
A true statement of that, which if cyber criminals would commit atrocious acts to gain access to invaluable information what would stop them from telling a couple lies for publicities sake.
