The ransomware cartel that masterminded the Colonial Pipeline attack early last month crippled the pipeline operator’s network using a compromised virtual private network (VPN) account password, the latest investigation into the incident has revealed.
The VPN login was unused but active at the time of the attack, the report said, adding the password has since been discovered inside a batch of leaked passwords on the dark web, suggesting that an employee of the company may have reused the same password on another account that was previously breached.
Source: THN
What can I do to prevent ransomware infections?
DarkSide, the cybercrime syndicate behind the attack, has since disbanded, but not before stealing nearly 100 gigabytes of data from Colonial Pipeline in the act of double extortion, forcing the company to pay a $4.4 million ransom shortly after the hack and avoid disclosure of sensitive information. The gang is estimated to have made away with nearly $90 million during the nine months of its operations.