Cyber-attack on US pipeline by criminal gangs: accusation | Business and Economic News

A cyber-extortion attempt that forced the shutdown of a major U.S. pipeline was carried out by a criminal group known as DarkSide, which presents a Robin Hood image of robbing corporations and giving a portion to charity, two people close to the investigation said Sunday.
Meanwhile, the shutdown extended into its third day, and the Biden administration relaxed regulations on transporting petroleum products by highway as part of its “hands on the back” effort to avoid disruptions in fuel supply.
Experts say gas station prices are unlikely to be affected if the pipeline returns to normal in the next few days, but the incident, the worst cyber attack to date on critical US infrastructure, should serve as a wake-up call to companies about the vulnerabilities they face.
The pipeline operated by Colonial Pipeline transports gasoline and other fuels from northeast Texas. According to the company, it provides about 45 percent of the fuel consumed on the East Coast.
It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data, paralyzing networks, and then demand a large ransom.
On Sunday, Colonial Pipeline said it was actively in the process of recovering some of its IT systems. It said it continues to liaise with law enforcement and other U.S. agencies, including the Department of Energy, which is directing the federal government’s response. The company did not say what was requested or who made the request.
However, two people close to the investigation, speaking on condition of anonymity, identified the culprit as DarkSide. It is among the ransomware groups that have “professionalized” a criminal industry that has cost Western nations $10 billion in losses over the past three years.
DarkSide says it does not attack hospitals, nursing homes, educational or government targets and gives a portion of what it takes to charity. It has been active since August and, as is usually the case with the strongest ransomware gangs, avoids targeting organizations in the nations of the former Soviet bloc.
Colonial has not said whether it has paid the ransom or is negotiating, and DarkSide has neither announced the attack on its dark web site nor responded to reporters from the Associated Press. The lack of acknowledgment usually indicates that the victim is negotiating or paying.
On Sunday, Colonial Pipeline said it was developing a plan to “restart the system”. It said its main pipeline remains offline, but some smaller lines are now in operation.
“We are in the process of restoring service to other sides and will put our entire system back online when we believe it is safe to do so and in full compliance with all federal regulations,” the company said in a statement.
U.S. Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are “what businesses need to worry about now,” and that she will work “very hard” with the Department of Security to address the issue, which is a top priority for the administration.
“Unfortunately, these types of attacks are becoming more frequent,” she told Face the Nation on CBS. “We need to work in partnership with businesses to secure networks to defend ourselves against these attacks.”
She said U.S. President Joe Biden had been informed of the attack.
“It’s the effort of all the stages right now,” Raimondo said. “And we are working closely with the company, state and local officials to ensure that they return to normal operations as quickly as possible and that there is no disruption in supply.”
The Department of Transportation issued a regional emergency statement Sunday at 5 p.m., easing hours-of-service rules for drivers carrying gasoline, diesel, aircraft fuel and other refined petroleum products in the District of Columbia. It allows them to work extra or more flexible hours to make up for the fuel shortage associated with the pipeline disruption.
A person close to the Colonial investigation said the attackers also stole data from the company, allegedly for extortion purposes. Sometimes stolen data is more valuable to cybercriminals than the leverage they gain by crippling a network, because some victims do not want to see their sensitive information dumped online.
Security experts say the attack should be a warning to critical infrastructure operators, including electricity, energy and transport companies, that not investing in security updates puts them at risk of disaster.
Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky that the attacker was at least motivated by profit alone, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware groups.
A major pipeline carrying fuel on the east coast of the U.S. says it had to stop operations because it was the victim of a cyberattack. [File: Mark Lennihan/AP Photo]
“For companies that are vulnerable to ransomware, it’s a bad sign, probably because they are weaker in the face of more serious attacks,” he said. Russian cyber criminals, for example, crippled the Ukrainian electricity grid in the winters of 2015 and 2016.
Attempts at cyber-extortion in the U.S. have become a cutting-edge phenomenon in the past year, with attacks forcing delays in treating cancer in hospitals, disrupting schooling and paralyzing police and city governments.
This week Tulsa, Oklahoma, has become the 32nd state or local government in the U.S. to suffer a ransomware attack, said Brett Callow, a threat analyst at cybersecurity company Emsisoft.
The average ransom paid in the U.S. rose nearly threefold last year to more than $310,000. The average downtime for victims of ransomware attacks is 21 days, according to the company Coveware, which helps victims respond.
David Kennedy, the founder and chief security adviser at TrustedSec, said that once a ransomware attack is discovered, companies have little recourse but to completely rebuild their infrastructure or pay the ransom.
“Ransomware is completely under control and is one of the biggest threats we have as a nation,” Kennedy said. “The problem we have before us is that most companies are not sufficiently prepared to deal with these threats.”
Colonial transports gasoline, diesel, aircraft fuel, and home heating oil from Gulf Coast refineries through pipelines from Texas to New Jersey. Its pipeline system covers more than 8,850 km (5,500 miles) and transports more than 380 million liters (100 million gallons) per day.
Debnil Chowdhury of the IHS Markit research firm said that if the disruption is extended from one week to three weeks, gas prices could start to rise.
“I wouldn’t be surprised if the suspension of that magnitude ends, if we see a 15 to 20 percent rise in the price of diesel next week or two,” he said.
The Department of Justice has a new task force to deal with ransomware attacks.
Although the US has not suffered any serious cyberattacks on its critical infrastructure, officials say Russian hackers in particular are known to have infiltrated some crucial sectors, positioning themselves to do damage if armed conflict were to erupt. While there is no evidence that the Kremlin benefits financially from ransomware, U.S. authorities believe President Vladimir Putin likes the disruption it causes in his opponents’ economies.
Iranian hackers have also been aggressive in trying to gain access to public services, factories and oil and gas facilities. In one case in 2013, they entered the control system of a U.S. dam.