Two people close to the investigation said on Sunday that the cyber-extortion attempt that forced the shutdown of a vital U.S. pipeline was carried out by a criminal group called “DarkSide.”
Meanwhile, the shutdown continues as the Biden administration relaxes regulations on the road transport of petroleum products, part of an “all-out” effort to avoid fuel supply interruptions.
Experts say gasoline prices are unlikely to be affected if the pipeline returns to normal within the next few days, but the incident, the most serious cyberattack on critical U.S. infrastructure to date, should be a wake-up call to the companies involved about the vulnerabilities they face.
The pipeline is operated by Georgia-based Colonial Pipeline and transports gasoline and other fuels from Texas to the Northeast. Its pipeline system spans more than 8,850 kilometers and carries more than 380 million liters per day.
According to the company, the fuel it delivers accounts for about 45% of the fuel consumed on the East Coast.
Colonial was hit by a so-called ransomware attack, in which hackers typically lock up computer systems by encrypting data, paralyzing the network, and then demand a large ransom to decrypt it.
On Sunday, Colonial said it was restoring some of its IT systems. It said it would continue to maintain contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government’s response.
The company did not disclose what was demanded or who made the demand.
Active since August
However, two people close to the investigation, speaking on condition of anonymity, said the culprit had been identified as DarkSide, one of the ransomware gangs that has turned the crime into a professionalized industry, costing Western countries tens of billions of dollars in losses over the past three years.
DarkSide claims that it does not attack hospitals, nursing homes, educational or government targets, and that it donates some of its proceeds to charity. It has been very active since August and is typical of the most powerful ransomware gangs. It is known to avoid targeting organizations in former Soviet bloc countries.
Colonial did not say whether it had paid or was negotiating a ransom. DarkSide had neither announced the attack on its dark web site nor responded to inquiries from the Associated Press. The absence of an announcement usually means the victim is negotiating or has paid.
The attack on Colonial’s pipeline forced the company to shut down its network on Friday. On Sunday, Colonial said it was working on a “system restart” plan. The company said its main pipeline remained offline, but some smaller lines were now in operation.
The company said in a statement: “We are restoring service to other branches. We can only bring the entire system back online after we believe it is safe to do so and in full compliance with all federal regulations.”
Secretary of Commerce Gina Raimondo said on Sunday that ransomware attacks are something “businesses must now worry about” and that she will work “vigorously” with the Department of Homeland Security to resolve the issue, calling it a top priority for the administration.
“Unfortunately, these types of attacks are becoming more frequent,” she said in an interview on CBS’ “Face the Nation.” “We must work with companies to protect the network to protect ourselves from these attacks.”
She said President Joe Biden had been briefed on the attack.
The Department of Transportation issued a regional emergency declaration on Sunday, relaxing hours-of-service limits for drivers transporting gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia. It allows them to work extra or more flexible hours to make up for any fuel shortages related to the pipeline disruption.
One of the people close to the Colonial investigation said the attackers had also stolen data from the company, presumably for extortion purposes. For ransomware criminals, stolen data is sometimes more valuable than the leverage they gain by crippling the network, because some victims do not want to see their sensitive information dumped online.
Warning to infrastructure operators
Security experts said the attack should be a warning to operators of critical infrastructure, including electric and water utilities and energy and transportation companies, that failure to invest in improving their security could expose them to catastrophic consequences.
Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky that its attackers were apparently motivated by profit rather than geopolitics. State-backed hackers bent on causing far more serious damage use the same intrusion methods as ransomware gangs.
“For companies that are vulnerable to ransomware attacks, this is a bad sign because they may be more vulnerable to more serious attacks,” he said. For example, in the winters of 2015 and 2016, Russian cyber operators paralyzed Ukraine’s power grid.
Over the past year, cyber-extortion attempts in the United States have forced hospitals to delay cancer treatments, interrupted schooling, and paralyzed police departments and city governments.
David Kennedy, founder and senior chief security consultant at TrustedSec, said that once a ransomware attack is discovered, a company is left with little choice but to rebuild its infrastructure entirely or pay the ransom.
“Ransomware is absolutely uncontrolled and is one of the biggest threats we face as a country,” Kennedy said. “The problem we face is that most companies are not prepared to face these threats.”