The Ransomware Group Responsible for the Colonial Pipeline Attack Has Been Taken Down

On May 7, 2021, one of the largest pipeline operators in the United States was taken out by ransomware. It was an incident that would result in widespread fuel shortages across the East Coast and served as a sobering reminder. As we continue to digitize and connect critical infrastructure to the Internet, the capacity of a single hacking group to bring society screeching to a halt becomes ever larger. 

The Colonial attack seemed somewhat chilling at first, at least until we gained further insight into how it happened. This was not a sophisticated attack carried out by hackers whose capabilities are beyond all but the best-funded security teams. 

Per Bloomberg, it was brought about by a single compromised password, gathered from a leak that was later discovered on the dark web. It’s still a mystery how the credential was obtained. Perhaps it always will be. 

But what we do know is this: given how simple the Colonial attack turned out to be, it’s really no surprise that, as of late October, one of the two ransomware groups claiming responsibility—a Russian-led syndicate known as REvil—was itself hacked through a joint operation involving multiple countries, Reuters reports.

Law enforcement gained access to multiple internal servers maintained by the ransomware group. It didn’t take long for the breach to be discovered, and the gang quickly restored its compromised servers from backups. There was just one problem.

In an ironic twist of fate, the gang’s backups were already compromised. Law enforcement, it turns out, had opted to use one of REvil’s favored tactics against it. Somehow, it never occurred to the criminals that this was a possibility. 

As of October 21, 2021, the operation against REvil is still active. Not that it matters much to the now-defunct gang. Just as a data breach can destroy the reputation of a legitimate business, being compromised not once but twice by law enforcement is functionally a death sentence for any cybercrime operation. 

At the end of the day, this is a spot of much-needed good news. It’s proof that in the ongoing battle against cybercrime and cybercriminals, legitimate businesses and law enforcement are not fighting a losing battle. Quite the contrary, in fact—the good guys have scored some significant victories of late, starting with BlackMatter, which ZDNet reported lost millions at the hands of researchers.

We’re still living in a digital world defined as much by constant risk as by connectivity and collaboration. But for each group like REvil and BlackMatter that’s brought down, that world feels just a little safer.