US EXPLAINER: Why the Colonial Pipeline hack matters
NEW YORK (AP) — A cyberattack on a critical U.S. pipeline is sending ripple effects across the economy, highlighting cybersecurity vulnerabilities in the nation's aging energy infrastructure. The Colonial Pipeline, which delivers about 45% of the fuel used along the Eastern seaboard, shut down Friday after a ransomware attack by a gang of criminal hackers that calls itself DarkSide. Depending on how long the shutdown lasts, the incident could affect millions of consumers.
WHAT HAPPENED TO THE COLONIAL PIPELINE?
Colonial Pipeline, the owner, halted all pipeline operations over the weekend, forcing what the company called a precautionary shutdown. U.S. officials said Monday that the “ransomware” malware used in the attack didn’t spread to the critical systems that control the pipeline’s operation. But the mere fact that it could have done so alarmed outside security experts.
WILL THERE BE GASOLINE SHORTAGES?
It depends on how long the shutdown lasts. Colonial said it's likely to restore service on the majority of its pipeline by Friday.
There’s no imminent shortfall, and thus no need to panic buy gasoline, said Richard Joswick, head of global oil analytics at S&P Global Platts. If the pipeline is restored by Friday, there won’t be much of an issue. “If it does drag on for two weeks, it’s a problem,” Joswick added. “You’d wind up with price spikes and probably some service stations getting low on supply. And panic buying just makes it worse.”
SO WHAT’S HAPPENING WITH GASOLINE PRICES?
The average gasoline price jumped six cents to $2.96 over the past week, and it’s expected to continue climbing because of the pipeline closure, according to AAA. Mississippi, Tennessee and the East Coast from Georgia to Delaware are the most likely to experience limited fuel availability and higher prices, and if the national average rises by three more cents, these would be the highest prices since November 2014, according to AAA.
WHAT’S RANSOMWARE AGAIN?
Ransomware encrypts a victim’s data so that it can be decoded only with a software key, which the criminal perpetrators release after the victim pays. An epidemic of ransomware attacks has gotten so bad that Biden administration officials recently deemed them a national security threat. Hospitals, schools, police departments and state and local governments are regularly hit. Ransomware attacks are difficult to stop in part because they’re usually launched by criminal syndicates that enjoy safe harbor abroad, mostly in former Soviet states.
WHO IS BEHIND THE ATTACK AND WHAT MOTIVATES THEM?
The hackers are Russian speakers from DarkSide, one of dozens of ransomware gangs that specialize in double extortion, in which the criminals steal an organization’s data before encrypting it. They then threaten to dump that data online if the victim doesn’t pay up, creating a second disincentive to trying to recover without paying.
Ransomware gangs say they are motivated only by profit. Colonial has not said how much ransom DarkSide demanded or whether it has paid. So far this year, ransomware gangs’ demands have reached as high as $50 million.
U.S. officials say there is no evidence the Kremlin directly benefits from ransomware, though Russian security services tolerate and sometimes even employ these cybercriminals. It’s not clear whether DarkSide has such Russian affiliations. President Joe Biden said Monday in answer to reporters' questions that there is no evidence so far that the Russian government is involved but there is evidence that DarkSide is Russia-based.
WHAT MAKES THIS DIFFERENT FROM OTHER RECENT HACKS?
Two big recent hacking campaigns — SolarWinds and the compromise of Microsoft Exchange — are viewed by U.S. officials as state-backed espionage. In the former, elite Russian hackers infiltrated U.S. government and corporate networks for months until their discovery in December. In the latter hack, first detected in late January, the U.S. blamed Chinese cyberspies. Biden has already announced sanctions against Russia for the SolarWinds hack and U.S. election interference, although many experts don’t believe them adequate to deter Russian President Vladimir Putin. Biden said he planned to raise the issue of Russia’s providing safe haven for cybercriminals when he meets with Putin, reportedly next month.
DarkSide posted a statement on its dark web site on Monday seeking to blame the Colonial attack on affiliates who rented out its ransomware, which is how such businesses operate. DarkSide claims it is apolitical and does not attack hospitals, nursing homes, schools or government agencies.
WHY WASN’T COLONIAL ABLE TO PREVENT OR CONTAIN THE ATTACK?
Neither Colonial nor federal officials have explained how the attackers breached the company’s network and went undetected. Cybersecurity experts believe that Colonial may not have employed state-of-the-art defenses, in which software agents actively monitor networks for anomalies and are programmed to detect known threats such as DarkSide’s infiltration tools.
WHAT DOES COLONIAL NEED TO RESTORE ITS NETWORK AND HOW LONG WILL THAT TAKE?
That depends on how extensively Colonial was infected, whether it paid the ransom and, if it did, when it got the software decryption key. The decryption process could take several days at least, experts say. Colonial has not responded to questions on these issues, although it said only its IT network was affected.
DO PIPELINES FACE A GREATER RISK OF RANSOMWARE ATTACKS?
They're not necessarily at greater risk, but they do pose unique challenges. The Colonial Pipeline structure is a vast piece of critical infrastructure that provides fuel supply to states along the East Coast. Such a large network is bound to have different control systems along its path where it connects with distributors or customers.
“Every single time you connect something, you run the risk that you’re going to infect something,” said Kevin Book, managing director at Clearview Energy Partners. That variability can also make it harder for hackers to know where to find vulnerabilities, he said.
Over time, as pipelines expand, companies can end up with a mix of technology — some parts built within the company and others brought in from outside, said Peter McNally, global sector lead at Third Bridge. Many large energy companies have been under pressure from investors to limit reinvestment in such assets, which can be decades old, he added. That can be a problem when dealing with modern criminals.
WHAT CAN BE DONE TO HALT RANSOMWARE ATTACKS?
Previous attempts to put ransomware operators out of business by attacking their online infrastructure have amounted to internet whack-a-mole. The U.S. Cyber Command, Microsoft and cross-Atlantic police efforts with European partners have only been able to put a temporary dent in the problem.
Last month, a public-private task force including Microsoft, Amazon, the FBI and the Secret Service gave the White House an 81-page report that said considerable progress could be possible in a year if a concerted effort is mounted with U.S. allies, who are also under withering attack.
Some experts advocate banning ransom payments. The FBI discourages payment, but the task force said a ban would be a mistake as long as many potential targets remain “woefully unprepared,” apt to go bankrupt if they can’t pay. Neuberger said Monday that sometimes companies have no real choice but to pay a ransom.
The task force said ransomware actors need to be named and shamed and the governments that harbor them punished. It calls for mandatory disclosure of ransom payments and the creation of a federal “response fund” to provide financial assistance to victims in hopes that, in many cases, it will prevent them from paying ransoms.