FBI confirms DarkSide cyberattack on US pipeline

But it’s not the first time

The attempted cyber extortion that forced the shutdown of a major U.S. pipeline was carried out by a criminal gang known as DarkSide, the Federal Bureau of Investigation (FBI) confirmed Monday.

“The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” the bureau said in a statement. “We continue to work with the company and our government partners on the investigation.”

The shutdown entered its third day, with the Biden administration loosening regulations for the transport of petroleum products by road as part of an “all-hands-on-deck” effort to avoid disruptions in fuel supply.

Experts said gasoline prices are unlikely to be affected if the pipeline returns to normal in the coming days, but that the incident, the worst cyberattack on U.S. critical infrastructure to date, serves as a warning to businesses about the vulnerabilities they face.

The pipeline, operated by Georgia-based Colonial Pipeline, transports gasoline and other fuels from Texas to the Northeast, and delivers roughly 45% of the fuel consumed on the East Coast, according to the company.

It was hit by what Colonial called a ransomware attack, in which hackers lock up computer systems by encrypting data, paralyzing networks, and then demand a large ransom to decrypt them.

On Sunday, Colonial Pipeline said it was actively restoring some of its IT systems, and said it remains in contact with law enforcement and other U.S. federal agencies, including the Department of Energy, which is leading the federal government’s response.

Cultivating a Robin Hood image of stealing from corporations and giving a cut to charity, DarkSide is one of the ransomware gangs that have “professionalized” a criminal industry that has cost Western nations tens of billions of dollars in the last three years.

DarkSide says it does not attack hospitals, nursing homes, educational or government targets, and that it donates part of its take to charities. It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organizations in former Soviet bloc countries.

Colonial did not say whether it paid or negotiated a ransom, and DarkSide did not announce the attack on its dark web site or answer questions from an Associated Press reporter. The lack of an announcement usually indicates that a victim is negotiating or has paid.

On Sunday, Colonial Pipeline said it had a plan to “restart the system.” It said its main pipeline remains offline but that some smaller lines are already operational.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.

U.S. Secretary of Commerce Gina Raimondo said Sunday that ransomware attacks are “what businesses now have to worry about” and that she will work “very vigorously” with the Department of Homeland Security to address the problem, calling it one of the administration’s top priorities.

“Unfortunately, these types of attacks are becoming more frequent,” she said on CBS’s Face the Nation. “We have to work in partnership with businesses to secure networks, to defend ourselves against these attacks.”

U.S. President Joe Biden had been briefed on the attack.

“It’s an all-hands-on-deck effort right now,” Raimondo said. “And we are working closely with the company, state and local officials to make sure they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”

The Department of Transportation issued a regional emergency declaration Sunday, relaxing hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia, allowing them to work extra or more flexible hours to make up for any fuel shortages related to the pipeline outage.

A person close to the Colonial investigation said the attackers had also stolen data from the company, possibly for extortion. Sometimes, stolen data is more valuable to ransomware criminals than the leverage they gain by paralyzing a network, since some victims are reluctant to have their sensitive data dumped online.

Security experts said the attack should be a warning to critical infrastructure operators, including electric and water utilities and energy and transportation companies, that failing to invest in updating their security exposes them to the risk of catastrophe.

Ed Amoroso, CEO of TAG Cyber, said Colonial was fortunate that its attacker was at least apparently motivated only by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.

[Photo caption: A major pipeline carrying fuel along the east coast of the United States says it had to shut down its operations because it was the victim of a cyberattack. File: Mark Lennihan/AP Photo]

“For companies vulnerable to ransomware, it’s a bad sign because they’re probably more vulnerable to more serious attacks,” he said. Russian cyberwarriors, for example, paralyzed Ukraine’s electricity grid in the winters of 2015 and 2016.

Cyber extortion attempts in the United States have become a death-by-a-thousand-cuts phenomenon over the past year, with attacks that have delayed cancer treatment in hospitals, disrupted schooling, and paralyzed police departments and municipal governments.

Tulsa, Oklahoma, this week became the 32nd state or local U.S. government to be hit by ransomware, said Brett Callow, threat analyst at cybersecurity firm Emsisoft.

Average ransoms paid in the United States nearly tripled to more than $310,000 last year. The average downtime for victims of ransomware attacks is 21 days, according to Coveware, which helps victims respond.

David Kennedy, founder and senior principal security consultant at TrustedSec, said that once a ransomware attack is discovered, companies have little recourse but to rebuild their infrastructure or pay the ransom.

“Ransomware is absolutely out of control and is one of the biggest threats we face as a nation,” Kennedy said. “The challenge we face is that most companies are not prepared to deal with these threats.”

Colonial transports gasoline, diesel, jet fuel and home heating oil from Gulf Coast refineries through pipelines running from Texas to New Jersey. Its pipeline network spans more than 8,850 km (5,500 miles), carrying more than 380 million liters (100 million gallons) per day.

Debnil Chowdhury of IHS Markit said that if the outage lasted one to three weeks, fuel prices could start to rise.

“I wouldn’t be surprised, if this ends up being an outage of that magnitude, if we see a 15 to 20 cent increase in gas prices over the next week or two,” he said.

The Department of Justice has a new task force dedicated to countering ransomware attacks.

Although the United States has not suffered any serious cyberattacks on its critical infrastructure, officials say they know that Russian state hackers in particular have infiltrated some critical sectors, positioning themselves to do damage if an armed conflict were to break out. While Russian hackers benefit financially from ransomware, U.S. officials say, President Vladimir Putin enjoys the chaos they cause in adversaries’ economies.

Iranian hackers have also been aggressive in seeking access to utilities, factories and oil and gas facilities. In one case in 2013, they broke into the control system of a U.S. dam.
