What's new

Major fuel pipeline forced to shut down after cyber attack

Zarvan

ELITE MEMBER
Joined
Apr 28, 2011
Messages
54,470
Reaction score
87
Country
Pakistan
Location
Pakistan

The pipeline supplies 45% of the East Coast’s fuel products, including gasoline, diesel and home heating oil.

Ransomware attack leads to shutdown of major U.S. pipeline system


The attack on top U.S. operator Colonial Pipeline appears to have been carried out by an Eastern European-based criminal gang


Trucks line up at a Colonial Pipeline facility in Pelham, Ala. (Jay Reeves/AP)

By
Ellen Nakashima
,
Yeganeh Torbati
and
Will Englund

May 9, 2021 at 3:16 a.m. GMT+5

A ransomware attack led one of the nation’s biggest fuel pipeline operators to shut down its entire network on Friday, according to the company and two U.S. officials familiar with the matter.

While it is not expected to have an immediate impact on fuel supply or prices, the attack on Colonial Pipeline, which carries almost half of the gasoline, diesel and other fuels used on the East Coast, underscores the potential vulnerability of industrial sectors to the expanding threat of ransomware strikes.

It appears to have been carried out by an Eastern European-based criminal gang — DarkSide, according to a U.S. official and another person familiar with the matter.

Federal officials and the private security firm Mandiant, a division of FireEye, are still investigating the matter, they said.

The Cybersecurity 202: A group of industry, government and cyber experts have a big plan to disrupt the ransomware crisis

“We are engaged with the company and our interagency partners regarding the situation,” said Eric Goldstein, executive assistant director of the cybersecurity division at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”


President Biden was briefed on the incident on Saturday morning, a White House statement said. It said the federal government is working to assess the incident’s implications, avoid disruption to supply and help Colonial Pipeline restore operations “as quickly as possible.”

Colonial Pipeline said in a statement on Friday that it had temporarily shut down all its pipeline operations after learning it had been hit by a cyber attack on some of its “information technology” or business network systems that day. As a result, the firm said, it “proactively took certain systems offline to contain the threat.” Early on Saturday afternoon, the company confirmed that the attack “involves ransomware.” It said it had notified law enforcement and other federal agencies.


(The Washington Post)

Colonial’s 5,500 miles of pipelines carry fuel from refineries on the Gulf Coast to customers in the southern and eastern United States. It says it transports 45 percent of the fuel consumed on the East Coast, reaching 50 million Americans.



Ransomware attacks, in which hackers lock up computer systems — usually by encrypting data — and demand payment to free up the system, are a global scourge. In recent years, they have affected everyone from banks and hospitals to universities and municipalities — almost 2,400 organizations in the United States were victimized last year alone, one security firm reported. But the attackers are increasingly targeting industrial sectors because these firms are more willing to pay up to regain control of their systems, experts say.

“The downtime for industrial companies can cost millions,” said Robert M. Lee, the chief executive of Dragos, a major cybersecurity firm that handles incidents in the industrial control sector.

U.S. officials and experts in industrial control security said such attacks are more common than is publicly known and that most just do not get reported.



“There are absolutely cases in industrial operations where ransomware impacts operations,” but often the stories don’t hit the news, Lee said. “There are lots of industrial control companies that are battling ransomware around the United States.”

The Cybersecurity 202: Lawmakers scramble for legislative solutions to a growing ransomware crisis
The trend exploded in the last three years after the WannaCry and NotPetya computer worms showed cyber criminals how targeting companies in critical industrial sectors is more likely to make companies pay out, Lee said.

The DarkSide group has hit utility firms before, said Allan Liska, intelligence analyst at the cyber threat research firm Recorded Future. In February, ransomware attacks disrupted operations at two Brazilian state-owned electric utility companies, Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), he said.



Private firms that investigate cyber intrusions say they are handling cases involving DarkSide using ransomware to target American industrial companies. But there are many other ransomware groups that seem to be targeting such firms in greater numbers than ever before, analysts said.

Carrying off a ransomware attack does not require great technical sophistication, Liska said. In the world of criminal ransomware operations, some crews specialize in gaining access and others pay for that access and then lock up the data, he said. DarkSide generally falls into the lock up crew category, he said.

“The last few years have been incredibly busy” because the proliferation of vulnerabilities in firewalls and virtual private networks have allowed ransomware criminals to gain access to networks at an unprecedented scale, Lee said.



“To put it simply, we are on the cusp of a global digital pandemic driven by greed,” former top DHS cyber official Christopher Krebs told Congress on Wednesday. He called the ransomware emergency a “digital dumpster fire.”

Last year, CISA warned pipeline operators about the threat of ransomware. CISA responded to a ransomware attack on a natural gas compression facility in which the attacker gained access to the corporate network and then pivoted to the operational network, where it encrypted on various devices. As a result, the firm shut down operations for about two days, CISA said.

The DHS warning to operators came after members of Congress in 2018 urged the agency to do more to protect pipelines from cyber attacks.

Though there is as yet no known foreign government nexus to the Colonial Pipeline incident, the U.S. government has in the past asserted links between Russian spy services and ransomware rings. Last month, the Treasury Department stated that the Russian internal security service, FSB, “cultivates and co-opts criminal hackers, including” a group called Evil Corp., “enabling them to engage in disruptive ransomware attacks.” Treasury sanctioned Evil Corp. in late 2019.


Cybersecurity researchers believe that DarkSide operates mostly out of Russia, which U.S. officials and cybersecurity experts have accused of harboring cyber criminals. These criminals avoid targeting victims in Russia, experts say.

In January 2019, the Director of National Intelligence, Daniel Coats, warned at an annual worldwide threat briefing that China has the ability to launch cyber attacks that cause temporary disruptive effects on critical infrastructure, “such as disruption of a natural gas pipeline for days to weeks” in the United States. He did not specify what type of cyber tool or mention ransomware explicitly.

A task force of more than 60 experts from industry, government, nonprofits and academia last month urged a series of coordinated actions by industry, government and civil society. Their recommendations include mandating that organizations report ransom payments and requiring them to consider alternatives before making payments. Governments, they said, could provide support to help firms hold out longer. The recommendations also call for global diplomatic and law enforcement efforts to induce countries from providing safe havens to ransomware criminals.


“Proposing this framework is merely the first step,” the task force said, “and the real challenge is in implementation.”

The Biden administration is expected in the coming weeks to issue an executive order aimed at shoring up the cybersecurity of federal civilian agencies. Though it will not specifically address private critical infrastructure, it is expected to drive standards for federal contractors that experts hope will ripple across the private sector.

Last month, the White House and Energy Department launched a 100-day action plan focused on boosting the cybersecurity of electricity sector industrial systems. The idea is to eventually expand that effort to gas pipelines and water systems.

Prices for refined oil products are slumping on the Gulf Coast because of the shutdown. Analysts say that depending on how long the pipelines are out of service, prices for gasoline and jet fuel could rise in the New York area, as they did in 2017 when a hurricane forced a shutdown.


Bob McNally, founder of the Rapidan Energy Group, said although the shutdown of the Colonial system is “massive,” if the company is able to restart operations within a couple of days, he does not expect an impact on fuel prices.

“The critical thing now is the duration,” he said. “Right now, everything depends this weekend on news that the market gets about the duration of the outage.”

Storage in both the Gulf Coast region and the Northeast “can largely mitigate the impact of a short-term event,” said Bernadette Johnson, senior vice president of power and renewables at a company called Enverus.

But if the shutdown lasts much longer than a few days, there could be a cascade of dramatic impacts, including higher prices and consumer hoarding of gasoline supplies, McNally said. Gasoline prices have been edging higher in recent weeks, in line with typical seasonal trends.

The Colonial pipeline system “is an irreplaceable, vital jugular for fuel supply to the East Coast,” McNally said. “It’s the major artery and there are no real other good options to replace it.”

One of Colonial’s two pipelines ruptured last summer in North Carolina, spilling 1.2 million gallons of gasoline, the largest spill in the state’s history.

On March 29, the Pipeline and Hazardous Materials Safety Administration (PHMSA), a division of the Department of Transportation, informed Colonial that its investigation of the North Carolina spill raised serious concerns about safety.

“PHMSA’s ongoing investigation indicates that conditions may exist on the Colonial Pipeline System that pose a pipeline integrity risk to public safety, property or the environment,” it said in a proposed safety order.

“The conditions that led to the failure potentially exist throughout the Colonial Pipeline System. Further, Colonial’s inability to effectively detect and respond to this release, as well as other past releases, has potentially exacerbated the impacts of this and numerous other failures over the operational history of Colonial’s entire system. ... It appears that the continued operation of the Colonial Pipeline System without corrective measures would pose a pipeline integrity risk to public safety, property, or the environment.”

In 2016, a Colonial pipeline exploded and released 4,400 barrels of gasoline into a pond in Shelby County, Ala. One worker was killed. Recovery and repair procedures were hampered by dangerous clouds of gasoline and benzene vapors, PHMSA reported.

Later that year, an underground leak of more than 7,000 barrels was discovered by a mine inspector in Alabama. That leak was attributed to pipe fatigue caused by improper preparation of the soil beneath it. For both incidents, the company agreed to pay the state $3.3 million to cover damages and penalties.

1.4k Comments
Image without a caption

By Ellen Nakashima
Ellen Nakashima is a two-time Pulitzer Prize-winning reporter covering intelligence and national security matters for The Washington Post. She joined The Post in 1995 and is based in Washington, D.C. Twitter
Image without a caption

By Yeganeh Torbati
Yeganeh Torbati joined The Washington Post in 2020 as a reporter investigating the tax, budget, trade and regulatory decisions made by Washington’s power brokers. She previously covered the federal government for ProPublica, and she wrote about immigration, national security and Iran for Reuters. Twitter
Image without a caption

By Will Englund
Will Englund, a former Moscow correspondent, covers energy. A winner of the Pulitzer Prize, he is the author of “March 1917: On the Brink of War and Revolution.” Twitter

Ransomware attack leads to shutdown of major U.S. pipeline system - The Washington Post
 
.
And who looks after these ransom ware groups. Remember problem reaction solution. All filth in the world is because of zionists
 
.
As for the US White Supremacists, Putin is more popular than Biden...

A colossal failure of the US Establishment to check the Russo-Sino axis, thanks to the WOT....

Bin Laden is having the last laugh....

By the by, Russia and Iran went out of their ways with their help to have the USA "well settled" in Afganistan, Irak etc. following 9/11! What were the "smart" majors at the Pentagon thinking???
 
. .
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

May 13, 2021, 10:15 AM EDT Updated on May 13, 2021, 7:01 PM EDT

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment. Colonial said it began to resume fuel shipments around 5 p.m. Eastern time Wednesday.

When Bloomberg News asked President Joe Biden if he was briefed on the company’s ransom payment, the president paused, then said: “I have no comment on that.”

The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.

On Wednesday, media outlets including the Washington Post and Reuters, also based on anonymous sources, reported that the company had no immediate intention of paying the ransom.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid -- a kind of double extortion.

The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency says.

However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a briefing earlier this week. “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” she told reporters Monday.

Such guidance provides a quandary for victims who have to weigh the risks of not paying with the costs of lost or exposed records. The reality is that many choose to pay, in part because the costs may be covered if they have cyber-insurance policies.

“They had to pay,” said Ondrej Krehel, chief executive officer and founder of digital forensics firm LIFARS and a former cyber expert at Loews Corp., which owns Boardwalk Pipeline. “This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait.”

Krehel said a $5 million ransom for a pipeline was “very low.” “Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response,” he said.

A report released last month by a ransomware task force said the amount paid by victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, according to report.

Colonial, which operates the largest fuel pipeline in the U.S., became aware of the hack around May 7 and shut down its operations, which led to fuel shortages and lines at gas stations along the East Coast.
 
.

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Back
Top Bottom