
US Colonial Pipeline admits paying ransom against FBI advice. It represents one of the most insurmountable cybersecurity problems

01:05 09 June 2021 Source: usatoday.com


US investigators have recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, the Justice Department announced Monday.

Colonial Pipeline CEO Joseph Blount’s admission Tuesday that he paid a $4.4 million ransom against the FBI’s wishes illustrates one of the most insurmountable cybersecurity problems in protecting the nation’s critical infrastructure from future attacks, experts say.

“Here’s the point: We cannot stop U.S. companies from paying ransom,” lamented one Justice Department lawyer involved in cybercrime and security issues.

Blount, in his much-anticipated testimony before the Senate Homeland Security committee, said that Colonial Pipeline knew the FBI officially advises companies not to pay ransom money in cases like the one that shut down the nation’s biggest fuel pipeline artery for five days last month. He also said that he knew full well that the FBI can’t tell him or any other private sector CEO what to do when it comes to negotiating with digital extortionists.


Colonial Pipeline Houston Station on May 10, 2021, in Pasadena, Texas. © Francois Picard/AFP via Getty Images


And while he called the ransom paid to the DarkSide criminal hacking organization “the hardest decision I’ve made in my 39 years in the energy industry,” Blount suggested to senators that he would do it again.

Blount wasn’t asked too many probing questions about the ransom payment or about some reported cybersecurity lapses by Colonial Pipeline in the run-up to the attack. And he avoided, for the most part, the kind of grilling that some other CEOs have received on Capitol Hill after serious security breaches and other lapses affecting the so-called critical infrastructure that keeps America and its economy running.


And while Colonial Pipeline is just one of many companies that have paid ransoms to hackers who have taken control of their systems, it has become a focal point for the issue given the gas shortages, chaos and widespread panic the incident caused.

The FBI’s “official position is you shouldn't pay ransom,” Sen. Rob Portman, the committee’s Ranking Republican, told Blount as the CEO was describing how Colonial Pipeline began working with specialized FBI cybersecurity agents within hours of the May 7 attack. “And yet they didn't communicate that to you, as far as you know?”

Caution tape is wrapped around fuel pumps at an Exxon gas station in Lynchburg, Va., on May 11. More than 1,000 gas stations in the Southeast reported running out of fuel, primarily because of what analysts say is unwarranted panic-buying among drivers alarmed by the shutdown of a major pipeline by hackers. Virginia Gov. Ralph Northam declared a state of emergency. © Kendall Warner, The News & Advance via AP

Blount responded that he wasn’t involved in those discussions, so “I can't confirm or deny that. But I do agree that their position is they don't encourage the payment of ransom. It is a company decision to make.”


“And so you knew what the advice was going to be that the agents provided that day,” Portman said.

Replied Blount: “Yes, sir, we did.”

Earlier, Blount said he kept the information closely held because of concerns about operational safety and security. “And we wanted to stay focused on getting the pipeline back up and running,” he said. “I believe with all my heart it was the right choice to make. But I want to respect those who see this issue differently.”

Robert Anderson, the former Executive Assistant FBI director overseeing all cybersecurity issues, said Blount’s testimony underscores the dilemma facing the U.S. government and the private sector when it comes to dealing with the current epidemic of ransomware attacks. That’s especially the case when it comes to the 16 U.S. critical infrastructure sectors – like Colonial Pipeline – whose assets, systems, and networks are considered vital to U.S. national security.

A company that operates a major U.S. energy pipeline says it was forced to temporarily halt all pipeline operations following a cybersecurity attack. © Associated Press

“In the government, it’s like, let's catch the bad guys, which is all good. But being out here for the last six years and running cyber companies, I totally get how he feels,” said Anderson, who now heads Texas-based Cyber Defense Labs. “When you're a CEO, you're worried about, you know, is my company going to go bankrupt? Can I pay these 10,000 people that are working for me? Is my stock price is going to drop?”


Even though the FBI has recovered much of the ransom by accessing Bitcoin wallets, Anderson and other former government cybersecurity officials said the case shows how little either side can accomplish without working together.

“Nowadays, I think we need to really start having meaningful communications and a plan between the government and private sectors on how we're going to tackle this,” Anderson said. “There’s just no way that private corporate America, or the government, or the United States law enforcement and intelligence organizations can do this on their own.”

On Tuesday, Portman and some other senators said they are working on a series of legislative proposals aimed at addressing the rampant spread of ransomware attacks in the United States. One possible solution is forcing private companies to enact more stringent cybersecurity safeguards such as multifactor authentication so employees’ email accounts can’t be hacked so easily.

But the subject of whether or not Washington should consider banning companies from paying ransoms never came up – most likely because government lawyers acknowledge it would interfere with the independence of the private sector.

Currently, it is illegal for companies to pay ransoms to a select few hacker entities and individuals that have been sanctioned by the Department of Treasury. Blount said Colonial lawyers checked to make sure DarkSide wasn’t on that list before they began negotiations.

Retired Col. Gary Corn, the former staff judge advocate, or general counsel, to U.S. Cyber Command, said the issue is "very similar to what was going on with the problem of piracy. Companies were paying ransoms in those situations. And the more you paid ransom, the more you're making it a lucrative market for the criminals.”

“It's just a Gordian Knot of a problem – for the companies and for the FBI,” said Corn, who directs the Technology, Law, & Security Program at the American University Washington College of Law. “I don't dispute with the FBI is trying to get him to do or not to. But if [companies] don't pay the ransom, and the business goes under, is the FBI or the government going to underwrite that risk?”

This article originally appeared on USA TODAY: Colonial Pipeline admits paying ransom against FBI advice. It represents one of the most insurmountable cybersecurity problems
