Attackers accessed a VPN account that was no longer in use to freeze the company's network in a ransomware attack. The attackers who hit Colonial Pipeline Co. used the password to a no-longer-used account that still allowed them to remotely access the network. The attack shut down a pipeline that covers the entire eastern seaboard as far north as New York, as well as southern states. The FBI and Department of Justice managed to track the ransom payment through a number of cryptocurrency wallets controlled by DarkSide and have now clawed back approximately $2.3 million.
Source: https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

