The harbinger is this: what protections against hacks and ransomware are underway? Stopping oil and gas flow and delivery is how to stop life and economies. Apply some critical thinking here: it goes way beyond cost, as supply is crucial. If the FBI was well aware of DarkSide in 2020, we need to rethink the Bureau completely.
PC Magazine provides this update in part:
The FBI today confirmed that the cyberattack that forced Colonial Pipeline to take its network offline over the weekend is due to ransomware known as DarkSide.
“The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” the agency says. “We continue to work with the company and our government partners on the investigation.”
During a Monday White House press briefing, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, said the FBI has been investigating the DarkSide variant since October 2020, and has determined that it’s a ransomware-as-a-service attack, meaning “criminal affiliates conduct attacks and then share the proceeds with ransomware developers,” she said.
Though news reports have tied DarkSide to Russian operatives, President Biden said Monday that “so far, there’s no evidence…from our intelligence people that Russia is involved, although there is evidence that the actors [behind the ransomware are] in Russia, [so] they have some responsibility to deal with this.”
The Chicago Tribune, along with other media sources, reports that this should not last long:
The operator of a major U.S. pipeline hit by a cyberattack said Monday it hopes to have service mostly restored by the end of the week.
Colonial Pipeline offered the update after revealing that it had halted operations because of a ransomware attack the FBI has linked to a criminal gang.
The ransomware attack on the pipeline, which the company says delivers roughly 45% of fuel consumed on the U.S. East Coast, raised concerns that supplies of gasoline, jet fuel and diesel could be disrupted in parts of the region if the disruption continues.
At the moment, though, officials said there is no fuel shortage.
The Colonial Pipeline transports gasoline and other fuel through 10 states between Texas and New Jersey, according to the company.
Colonial is in the process of restarting portions of its network. It said Sunday that its main pipeline remained offline, but that some smaller lines were operational. The company has not said when it would completely restart the pipeline.
“The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices,” said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. But the Northeast had significantly more local refining capacity at that time, potentially intensifying any impact.
The FBI and others got the attribution right on this one and did so very quickly.
The group behind the ransomware that took down Colonial Pipeline late last week has apologized for the “social consequences,” claiming that its goal is to make money, not cause societal problems.
According to Vice, the group’s apology was posted to its dark web site. It reads:
We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.
Our goal is to make money and not creating problems for society.
From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.
According to NYT cybersecurity reporter Nicole Perlroth, DarkSide isn’t necessarily associated with a specific nation-state, but it does tend to avoid holding victims for ransom if their systems are running in certain Russian and Eastern European languages (see embedded tweet below). Bloomberg reports that the group is known to speak Russian.
The assumption is that Darkside is not nation state affiliated, but like oh-so-many ransomware groups it uses tools like “GetUserDefaultLangID” to perform language checks. If the victim uses any languages below, DarkSide moves on. https://t.co/atMjKSPAJl pic.twitter.com/LNJ0CBDdBo
— Nicole Perlroth (@nicoleperlroth) May 10, 2021
Imagine the other pipeline systems worldwide, such as those across all of Europe, and their respective responses.