Two people close to the investigation said on Sunday that the cyberextortion attempt that forced the shutdown of a key U.S. pipeline was carried out by a criminal gang known as DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity.
The shutdown entered its third day on Sunday, with the Biden administration relaxing rules for transporting petroleum products by road as part of an “all-hands-on-deck” effort to avoid disruptions to fuel supplies.
Experts say gasoline prices are unlikely to be affected if the pipeline returns to normal in the next few days, but the incident, the worst cyberattack on U.S. critical infrastructure to date, should serve as a wake-up call to companies about the vulnerabilities they face.
Operated by Georgia-based Colonial Pipeline, the pipeline carries gasoline and other fuels from Texas to the Northeast. It delivers about 45 percent of the fuel consumed on the East Coast, according to the company.
Colonial was hit by what is known as a ransomware attack, in which hackers typically encrypt data, paralyzing networks and locking up computer systems, and then demand a large ransom to unlock them.
On Sunday, Colonial Pipeline said it was actively working to restore some of its IT systems. It said it was in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government’s response. The company has not said what was demanded or who made the demand.
DarkSide was identified as the culprit by two people close to the investigation, who spoke on condition of anonymity. It is among the ransomware groups that have “professionalized” a criminal industry that has cost Western countries billions of dollars in losses over the past three years.
DarkSide claims that it does not attack hospitals, nursing homes, educational or government targets and that it donates a portion of its take to charity. It has been active since August and, as is common among the most powerful ransomware gangs, is known to avoid targeting organizations in former Soviet bloc countries.
Colonial did not say whether a ransom had been demanded or was being negotiated, and DarkSide did not announce the attack on its dark web site or answer questions from an Associated Press reporter. The absence of an acknowledgement usually indicates that the victim is either negotiating or paying.
On Sunday, Colonial Pipeline said it was developing a “system restart” plan. It said its main pipeline was still offline but that some smaller lines were now operational.
“We are in the process of restoring service at other laterals and will bring our entire system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.
On Sunday, U.S. Commerce Secretary Gina Raimondo said the ransomware attack was “a matter of business concern now” and that she would work “extremely vigorously” with the Department of Homeland Security to resolve the issue, calling it a top priority for the administration.
“Unfortunately, this type of attack is becoming more frequent,” she told the CBS program Face the Nation. “We need to work in partnership with our businesses to secure networks to protect ourselves against these attacks.”
She said President Joe Biden had been briefed on the attack.
“Right now it’s an all-hands-on-deck effort, and we’re working closely with agencies, state and local officials to make sure they get back to normal as soon as possible and that supplies aren’t disrupted,” Raimondo said.
The Department of Transportation issued a regional emergency declaration on Sunday, relaxing hours-of-service rules for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia. This allows them to work extra or more flexible hours to make up for any fuel shortage related to the pipeline outage.
One of the people close to the Colonial investigation said the attackers probably also stole data from the company for the purpose of extortion. Stolen data is sometimes more valuable to ransomware criminals as leverage than crippling a network, because some victims will pay to avoid seeing their sensitive information dumped online.
Security experts said the attack should be a warning to operators of critical infrastructure, including electric and water utilities and energy and transportation companies, that failing to invest in updating their security puts them at risk of catastrophe.
Ed Amoroso, CEO of TAG Cyber, said Colonial was fortunate that its attackers were at least ostensibly driven by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.
“This is a bad sign for companies that are vulnerable to ransomware, because they are probably at greater risk of more deadly attacks,” he said. Russian cyberwarriors, for example, crippled Ukraine’s electrical grid in the winters of 2015 and 2016.
In the United States, cyberextortion attempts have become an epidemic of death by a thousand cuts in the past year, with attacks on hospitals delaying cancer treatment, disrupting schooling and paralyzing police departments and city governments.
Tulsa, Oklahoma this week became the 32nd state or local government in the United States to fall victim to a ransomware attack, said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.
The average ransom paid in the United States nearly tripled last year to more than $310,000, according to the firm Coveware.
David Kennedy, founder and senior chief security adviser at TrustedSec, said that once a ransomware attack is discovered, companies have little choice but to completely rebuild their infrastructure or pay the ransom.
“Ransomware is completely out of control and as a nation we are under the greatest threat,” Kennedy said. “The problem we’re facing is that most companies are seriously unprepared to face this threat.”
Colonial transports gasoline, diesel, jet fuel and home heating oil from Gulf Coast refineries through pipelines running from Texas to New Jersey. Its pipeline system spans more than 8,850 km (5,500 miles) and carries 380 million liters (100 million gallons) a day.
Debnil Chowdhury of the research firm IHS Markit said gas prices could start to rise if the outage lasts one to three weeks.
“I wouldn’t be surprised, if it ends up as an outage of that magnitude, if we see a 15 to 20 percent increase in gas prices in the next week or two.”
The Justice Department has a new task force dedicated to countering ransomware attacks.
Although the United States has not suffered a serious cyberattack on its critical infrastructure, officials say Russian hackers are known to have infiltrated some critical sectors, positioning themselves to cause damage if armed conflict breaks out. While there is no evidence that the Kremlin benefits financially from ransomware, U.S. officials believe President Vladimir Putin welcomes the disruption it causes to adversaries’ economies.
Iranian hackers have also been aggressive in trying to gain access to utilities, factories, and oil and gas facilities. In one case in 2013, they broke into the control system of a U.S. dam.