US Colonial pipeline hack claimed by Russian group DarkSide spurs emergency order from White House

19:15 10 May 2021. Source: nbcnews.com


The federal government issued a rare emergency declaration on Sunday after a cyberattack on a major U.S. pipeline choked the transportation of oil to the eastern U.S.


Colonial Pipeline, the company that operates the country’s largest fuel pipeline, shut down all its operations Friday after hackers broke into some of its networks. All four of its main lines remain offline.

The emergency declaration from the Department of Transportation aims to ramp up alternative transportation routes for oil and gas. It lifts regulations on drivers carrying fuel in 17 states across the South and eastern United States, as well as the District of Columbia, allowing them to drive between fuel distributors and local gas stations on more overtime hours and less sleep than federal restrictions normally allow. The U.S. is already dealing with a shortage of tanker truck drivers.


The emergency order extends through June 8, and can be renewed. Colonial has yet to declare a date it expects it will resume full operations.

Industry experts have already warned that a prolonged shutdown of the pipeline could push gas prices higher and cause disruptions in eastern parts of the U.S.

The cyberattack is believed to be the work of a Russian cybercrime gang called DarkSide. Like many ransomware gangs, it makes money by hacking a victim’s network, encrypting their files so they can’t be accessed, and threatening to publish them online if they’re not paid a hefty fee.

In a statement posted to its website, DarkSide echoed a sentiment common across ransomware gangs — that they’re an apolitical group, only interested in making money — but seemed to acknowledge that by hampering the fuel industry, they may have crossed a line with the United States that no ransomware gang has crossed before.


“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment and look for other our motives,” the gang posted, misspelling "government."

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The attack is the latest in a recent rush of unrelated ransomware attacks across the country. A different group recently broke into Washington, D.C.’s Metropolitan Police Department and began leaking extremely detailed and personal files on officers. A third stole files from a major Apple supplier based in Taiwan and released previously private specs for Apple products.

Many Russian cybergangs work as independent operations, though they are sometimes recruited to work for Russian intelligence — and they generally avoid attacking targets in Russia.

Brett Callow, an analyst at the cybersecurity company Emsisoft who tracks ransomware, said there were signs in DarkSide's malicious software that it was meant to hit targets outside Russia and eastern Europe. He noted that the software is coded to not work against computers where Russian or one of several other eastern European languages are set as the default.

“DarkSide doesn’t eat in Russia,” Callow said. “It checks the language used by the system and, if it’s Russian, it quits without encrypting.”


usr: 11
This is interesting!