Is this an Extension of Red Flag Law(s) by DHS?

JTN: The Department of Homeland Security has launched a $500,000 grant program for research and data collection on insider threats in the country’s law enforcement agencies.

The premise for the grant, “Insider Threats in American Law Enforcement,” is that the U.S. is facing a rising number of internal threats and an understanding of the changing environment is needed.

“Due to the growing number of threats our nation is combating,” the grant synopsis explains, the DHS Science and Technology Directorate “supports the evolving threat landscape of a dynamic world with changing motivations, actors, communication models and weaponry.”

The grant prioritizes data collection and technological innovation as means to identify, understand and combat the purported threat of penetration of U.S. law enforcement agencies by violent extremists.

“Objectives of this effort will identify high quality data to understand the risks posed to the United States by the potential for violent extremist organizations or lone actors to infiltrate law enforcement agencies (LEAs) and other government institutions,” the synopsis states.

While billing U.S. taxpayers $500K for this initiative to understand these clandestine “extremist organizations” infiltrating law enforcement, the grant neglects to define what it means by “extremist organizations.”

The research and data collected under the grant is to be shared with a variety of agencies, including private organizations. Yet civil rights and liberties will not be violated in the combined public-private harvesting and sharing of data about undefined “extremists,” DHS insists.

“Knowledge and findings from this research will be transferred to federal, state, local, and private organizations to enable education and awareness to reinforce a whole-of-society prevention architecture while respecting civil rights and civil liberties,” according to the grant description. “These prevention efforts will equip and empower local efforts — including peers, teachers, community leaders, and law enforcement — to minimize a threat as it evolves while enhancing emergency preparedness and response.”

The grant will task the awardee with understanding law enforcement threats from the perspectives of numerous fields, including economics, psychology, politics and criminology. “The awardee(s) will assist with a range of activities,” the grant specifies, including designing data collection strategies, collecting data from primary and secondary sources, and analyzing data while identifying subject matter experts to participate in interviews and/or focus groups.”

Analyzing research from these various fields and experts will help fill in the gaps in understanding the threat environment and help “counter the threats posed by violent extremists and violent ideologies to United States LEAs and the public,”

The closing date for the grant applications is May 16, a day after the country concludes National Police Week. The week of May 9-May 15 has been designated as National Police Week since 1962 to recognize the service and sacrifice of federal, state and local law enforcement.

As reported by Just the News this week, the DHS and the Department of Defense have announced internal investigations of “extremism” within their departments, raising alarms among conservative civil liberties watchdogs, as the agencies’ notions of “extremism” were vague and appeared to omit from scrutiny far-left extremist groups implicated in widespread political violence in 2020.

***

Date Issued:  Friday, May 14, 2021 02:00 pm ET

Summary of Terrorism Threat to the U.S. Homeland

The Secretary of Homeland Security has issued a new National Terrorism Advisory System (NTAS) Bulletin regarding the current heightened threat environment across the United States. The Homeland is facing threats that have evolved significantly and become increasingly complex and volatile in 2021. These threats include those posed by domestic terrorists, individuals and groups engaged in grievance-based violence, and those inspired or influenced by foreign terrorists and other malign foreign influences. Social media and online forums are increasingly exploited by these actors to influence and spread violent extremist narratives and activity. Such threats also are exacerbated by the impacts from the ongoing global pandemic.

Duration

Issued:  May 14, 2021 02:00 pm
Expires:  August 13, 2021 02:00 pm

Additional Details

  • Violent extremists may seek to exploit the easing of COVID-19-related restrictions across the United States to conduct attacks against a broader range of targets after previous public capacity limits reduced opportunities for lethal attacks.
  • Historically, mass-casualty Domestic Violent Extremist (DVE) attacks linked to racially- or ethnically-motivated violent extremists (RMVEs) have targeted houses of worship and crowded commercial facilities or gatherings. Some RMVEs advocate via social media and online platforms for a race war and have stated that civil disorder provides opportunities to engage in violence in furtherance of ideological objectives.
  • Through 2020 and into 2021, government facilities and personnel have been common targets of DVEs, and opportunistic violent criminals are likely to exploit Constitutionally-protected freedom of speech activity linked to racial justice grievances and police use of force concerns, potentially targeting protestors perceived to be ideological opponents.
  • Ideologically-motivated violent extremists fueled by perceived grievances, false narratives, and conspiracy theories continue to share information online with the intent to incite violence. Online narratives across sites known to be frequented by individuals who hold violent extremist ideologies have called for violence against elected officials, political representatives, government facilities, law enforcement, religious or commercial facilities, and perceived ideologically-opposed individuals.
  • The use of encrypted messaging by lone offenders and small violent extremist cells may obscure operational indicators that provide specific warning of a pending act of violence.
  • Messaging from foreign terrorist organizations, including al-Qa‘ida and ISIS, intended to inspire U.S.-based homegrown violent extremists (HVEs) continues to amplify narratives related to exploiting protests. HVEs, who have typically conducted attacks against soft targets, mass gatherings, and law enforcement, remain a threat to the Homeland.
  • Nation-state adversaries have increased efforts to sow discord. For example, Russian, Chinese and Iranian government-linked media outlets have repeatedly amplified conspiracy theories concerning the origins of COVID-19 and effectiveness of vaccines; in some cases, amplifying calls for violence targeting persons of Asian descent.
  • DHS encourages law enforcement and homeland security partners to be alert to these developments and prepared for any effects to public safety. Consistent with applicable law, state, local, tribal, and territorial (SLTT) law enforcement organizations should maintain situational awareness of online and physical activities that may be related to an evolving threat of violence.

How We Are Responding

  • DHS and the Federal Bureau of Investigation (FBI) continue to provide guidance to SLTT partners about the current threat environment. Specifically, DHS has issued numerous intelligence assessments to SLTT officials on the evolving threat.
  • DHS is collaborating with industry partners to identify and respond to those individuals encouraging violence and attempting to radicalize others through spreading disinformation, conspiracy theories, and false narratives on social media and other online platforms.
  • DHS has prioritized combatting DVE threats within its FEMA grants as a National Priority Area.
  • DHS remains committed to identifying and preventing domestic terrorism.

How You Can Help

Be Prepared and Stay Informed

  • Be prepared for any emergency situations and remain aware of circumstances that may place your personal safety at risk.
  • Maintain digital media literacy to recognize and build resilience to false and harmful narratives.
  • Make note of your surroundings and the nearest security personnel.
  • Business owners should consider the safety and security of customers, employees, facilities, infrastructure, and cyber networks.
  • Government agencies will provide details about emerging threats as information is identified. The public is encouraged to listen to local authorities and public safety officials.

If You See Something, Say Something®. Report suspicious activity to local law enforcement or call 911.

Looks Like Law Enforcement Actually Shut Down DarkSide

A big hat tip to the work of law enforcement, though which agency was responsible remains unknown at this point.

Shutting down the servers of DarkSide is a great achievement, but it did not come before there were other victims, such as Toshiba.

A Toshiba Corp (6502.T) unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.

Toshiba Tec Corp (6588.T), which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide – the group widely believed to be behind the recent Colonial Pipeline attack, its French subsidiary said.

From Krebs:

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.

“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom.

“Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information,” the DarkSide admin says. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”

DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.

“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions read.

The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.

The REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the “social sector” (defined as healthcare and educational institutions) and organizations in the “gov-sector” (state) of any country. Affiliates also will be required to get approval before infecting victims.

The new restrictions came as some Russian cybercrime forums began distancing themselves from ransomware operations altogether. On Thursday, the administrator of the popular Russian forum XSS announced the community would no longer allow discussion threads about ransomware moneymaking programs.

“There’s too much publicity,” the XSS administrator explained. “Ransomware has gathered a critical mass of nonsense, bullshit, hype, and fuss around it. The word ‘ransomware’ has been put on a par with a number of unpleasant phenomena, such as geopolitical tensions, extortion, and government-backed hacks. This word has become dangerous and toxic.”

In a blog post on the DarkSide closure, cyber intelligence firm Intel 471 said it believes all of these actions can be tied directly to the reaction related to the high-profile ransomware attacks covered by the media this week.

“However, a strong caveat should be applied to these developments: it’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” Intel 471 wrote. “A number of the operators will most likely operate in their own closed-knit groups, resurfacing under new names and updated ransomware variants. Additionally, the operators will have to find a new way to ‘wash’ the cryptocurrency they earn from ransoms. Intel 471 has observed that BitMix, a popular cryptocurrency mixing service used by Avaddon, DarkSide and REvil has allegedly ceased operations. Several apparent customers of the service reported they were unable to access BitMix in the last week.”

***

“The funds, which the Darkside gang was supposed to split between itself and its affiliates (the threat actors who breach networks and deploy the ransomware), were transferred to an unknown wallet, Darksupp said.” reported TheRecord.

The news was revealed by a member of REvil ransomware gang, known as ‘UNKN,’ in a forum post on the Exploit hacking forum. The post was first spotted by Recorded Future researcher Dmitry Smilyanets; it includes a message allegedly from DarkSide explaining how the gang lost access to their blog, payment servers, and DDoS servers as a result of an action conducted by law enforcement.

Darkside

“Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely:

  • Blog.
  • Payment server.
  • DOS servers.”

reads the post from UNKN. “Now these servers are unavailable via SSH, the hosting panels are blocked. Hosting support, apart from information “at the request of law enforcement agencies”, does not provide any other information.”

More Exact Colonial Pipeline Hack Details

It is prudent to review several sources for the real evidence and details, and most often non-government companies are the ‘go-to’ places for that. Government spins stuff, but private cyber experts offer up great context, and such is the case below.

As a primer, CISA is a government agency launched by the Trump administration for all the right reasons.

Alert (AA20-049A)

Ransomware Impacting Pipeline Operations

But read on.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an Alert that offers a set of best practices to protect against ransomware-induced business disruptions. The Alert was prompted by the attack against Colonial Pipeline, and it includes in its introductory section the preliminary conclusion that DarkSide ransomware affected Colonial’s IT systems only, and had no direct effect on the company’s OT networks. The best practices CISA advocates are familiar. The Alert closes with a statement strongly discouraging any victim from paying the ransom their attackers demand: “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”

FireEye yesterday published a report on DarkSide that emphasizes the group’s ransomware-as-a-service model. It’s a selective operation (criminal applicants for affiliate status are, for example, interviewed before being given access to DarkSide’s control panel) but it’s also not a monolithic one. FireEye’s Mandiant unit currently tracks five “clusters” of DarkSide threat activity. The affiliate model DarkSide uses shares criminal profits: “Affiliates retain a percentage of the ransom fee from each victim. Based on forum advertisements, this percentage starts at 25 percent for ransom fees less than $500,000 USD and decreases to 10 percent for ransom fees greater than $5M USD.”

Colonial Pipeline’s website came back online late yesterday, newly armored with a reCAPTCHA landing page. The company published an update in which it reported progress toward resumption of refined petroleum deliveries, with some 967,000 barrels delivered to Atlanta, Belton and Spartanburg in South Carolina, Charlotte and Greensboro in North Carolina, Baltimore, and Woodbury and Linden (close to the Port of New York and New Jersey). Some lines have been operated under manual control since Monday, at least, and have been moving existing inventory. As the company prepares to restart deliveries, they’ve taken delivery of an additional two million barrels, which they’ll ship once service is restored.

The company appears also to be addressing some concerns about its pipelines’ physical security, having “increased aerial patrols of our pipeline right of way and deployed more than 50 personnel to walk and drive ~ 5,000 miles of pipeline each day.” (hat tip to CyberWire)

Related reading:

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report
Pipeline operators were warned about potential attacks in 2020

“Energy Sector…developed the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity…sector’s vision that “by 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber-incident while sustaining critical functions…”

A Chinese Freeze Dried Virus Part of Warfare?

“The PLA is engaging in irregular warfare today,” the West Point paper asserts. “China is employing lawfare to achieve strategic aims. The maritime militia is enforcing China’s sovereignty claims in the East and South China Seas against US partners and allies.”

And it has already weaponised international information flows and channels of influence, along with cyber, economic – and psychological – tactics.

Primer: Chinese scientists have been preparing for a Third World War fought with biological and genetic weapons including coronavirus for the last six years, according to a document obtained by US investigators.

The bombshell paper, accessed by the US State Department, insists they will be ‘the core weapon for victory’ in such a conflict, even outlining the perfect conditions to release a bioweapon, and documenting the impact it would have on ‘the enemy’s medical system’.

This latest evidence that Beijing considered the military potential of SARS coronaviruses from as early as 2015 has also raised fresh fears over the cause of Covid-19, with some officials still believing the virus could have escaped from a Chinese lab.

***

Before Covid-19, did we actually know who Anthony Fauci was and what he is about? Since 1984, he has been the Director of NIAID. His portfolio is said to be complete with prevention, diagnosis and treatment(s) of infectious diseases. Remember the Ebola crisis? Did we hear his name back then and did the Obama administration hire Fauci for guidance on the Ebola outbreak? Nah. What about Zika? Remember that one? Still we did not hear from Dr. Fauci. According to his professional profile, Fauci advised and served seven presidents. Really? Did Dr. Fauci even advise presidents on all things pandemic, virus or risks from Wuhan? If so… where is the evidence?

According to the National Institutes of Health website going back to 2018, there is a profound ‘Serological Evidence of Bat SARS-Related Coronavirus Infections in Humans, China’ dissertation complete with references and footnotes.

Notice this is a partial screen shot in case it gets deleted by NIH. But note the dates in the summary. Further in the summary –> We conducted a virus neutralization test for the six positive samples targeting two SARSr-CoVs, WIV1 and WIV16 (Ge et al.; Yang et al.). None of them were able to neutralize either virus. These sera also failed to react by Western blot with any of the recombinant RBD proteins from SARS-CoV or the three bat SARSr-CoVs Rp3, WIV1, and SHC014. We also performed viral nucleic acid detection in oral and fecal swabs and blood cells, and none of these were positive.

Further in the study is this notation:

Acknowledgements

This study was jointly funded by the National Natural Science Foundation of China Grant (81290341) to ZLS; the National Institute of Allergy and Infectious Diseases of the National Institutes of Health (Award Number R01AI110964) to PD and ZLS, United States Agency for International Development (USAID) Emerging Pandemic Threats PREDICT project Grant (Cooperative Agreement No. AID-OAA-A-14-00102) to PD; and Singapore NRF-CRP Grant (NRF2012NRF-CRP001–056) and CD-PHRG Grant (CDPHRG/0006/2014) to LFW.

We have some harder questions to ask of Dr. Fauci and a few other U.S. agencies…right? YES.

So, back to the paper originally released by the Australian and the DailyMail:

The authors of the document insist that a third world war ‘will be biological’, unlike the first two wars which were described as chemical and nuclear respectively.

Referencing research which suggested the two atomic bombs dropped on Japan forced them to surrender, bringing about the end of WWII, they claim bioweapons will be ‘the core weapon for victory’ in a third world war.

The document also outlines the ideal conditions to release a bioweapon and cause maximum damage.

The scientists say such attacks should not be carried out in the middle of a clear day, as intense sunlight can damage the pathogens, while rain or snow can affect the aerosol particles.

Instead, it should be released at night, or at dawn, dusk, or under cloudy weather, with ‘a stable wind direction…so that the aerosol can float into the target area’.

Meanwhile, the research also notes that such an attack would result in a surge of patients requiring hospital treatment, which then ‘could cause the enemy’s medical system to collapse’.

Other concerns include China’s ‘Gain of Function’ research at the Wuhan Institute of Virology – near where the first Covid outbreak was discovered – at which virologists are creating new viruses said to be more transmissible and more lethal.

MP Tom Tugendhat, chairman of the foreign affairs committee, said: ‘This document raises major concerns about the ambitions of some of those who advise the top party leadership. Even under the tightest controls these weapons are dangerous.’

Chemical weapons expert Hamish de Bretton-Gordon said: ‘China has thwarted all attempts to regulate and police its laboratories where such experimentation may have taken place.’

The revelation from the book What Really Happened in Wuhan was reported yesterday.

The document, New Species of Man-Made Viruses as Genetic Bioweapons, says: ‘Following developments in other scientific fields, there have been major advances in the delivery of biological agents.

‘For example, the new-found ability to freeze-dry micro-organisms has made it possible to store biological agents and aerosolise them during attacks.’

It has 18 authors who were working at ‘high-risk’ labs, analysts say.

Australian Strategic Policy Institute executive director Peter Jennings also raised concerns over China’s biological research into coronaviruses potentially being weaponised in future.

Additionally, in the article:

Only this week, Brazil President Jair Bolsonaro appeared to strongly criticise China by accusing it of creating Covid to spark a chemical ‘warfare.’

The comments were made during a press conference on Wednesday as the hardline leader sought to further distance himself from the growing attacks over his domestic handling of a pandemic that has produced the second-highest death toll in the world.

‘It’s a new virus. Nobody knows whether it was born in a laboratory or because a human ate some animal they shouldn’t have,’ Bolsonaro said.

‘But it is there. The military knows what chemical, bacteriological and radiological warfare. Are we not facing a new war? Which country has grown its GDP the most? I will not tell you.’

Since we can no longer get reliable information from our current government officials, perhaps we should ask Brazil or Australia, right?

Scientists studying bat diseases at China’s maximum-security laboratory in Wuhan were engaged in a massive project to investigate animal viruses alongside leading military officials – despite their denials of any such links.

Documents obtained by The Mail on Sunday reveal that a nationwide scheme, directed by a leading state body, was launched nine years ago to discover new viruses and detect the ‘dark matter’ of biology involved in spreading diseases.

One leading Chinese scientist, who published the first genetic sequence of the Covid-19 virus in January last year, found 143 new diseases in the first three years of the project alone.

The fact that such a virus-detection project is led by both civilian and military scientists appears to confirm incendiary claims from the United States alleging collaboration between the Wuhan Institute of Virology (WIV) and the country’s 2.1 million-strong armed forces. Continue reading in full here.

What does Canada know?

In part:

In July 2019, a rare event occurred in Canada, whereby a group of Chinese virologists were forcibly dispatched from the Canadian National Microbiology Laboratory (NML) in Winnipeg, a facility they worked in, running parts of the Special Pathogen Programme of Canada’s Public Health Agency.[1] Experimental infections – including aerogenic ones – of monkeys with the most lethal viruses found on Planet Earth comprise nearly a routine therein. Four months earlier, a shipment of two exceptionally virulent viruses dealt with in the NML – Ebola and Nipah viruses – was on its way from NML, ended in China, and has thereafter been traced and regarded to be improper, specifically put as “possible policy breaches”, or rather but an “administrative issue”, ostensibly.[2]

Yet the scope of this incident is much wider, in actuality. The main culprit seems to be Dr. Xiangguo Qiu, an outstanding Chinese scientist, born in Tianjin. Heading until recently the Vaccine Development and Antiviral Therapies section of the Special Pathogens Programme, she primarily received her medical doctor degree from Hebei Medical University in China in 1985 and came to Canada for graduate studies in 1996.[3] Later on, she was affiliated with the Institute of Cell Biology and the Department of Pediatrics and Child Health of the University of Manitoba, Winnipeg, not engaged with studying pathogens.[4] But a shift took place, somehow. Since 2006,[5] she has been studying powerful viruses, Ebola virus foremost, in the NML. The two viruses shipped from the NML to China – Ebola and Nipah – were studied by her in 2014, for instance (together with the viruses Machupo, Junin, Rift Valley Fever, Crimean-Congo Hemorrhagic Fever and Hendra).[6] Yet utmost attention has been paid to Ebola, with the highly legitimate aim of developing effective prophylaxis and treatment for infected people. Inevitably, her works included a variety of Ebola wild strains – among them the most virulent one, with 80% lethality rate – and much relied on experimental infections of monkeys, including via the airways.[7] Remarkable achievements were attained, indeed, and Dr. Qiu accepted the Governor General’s Innovation Award in 2018. More here.

Even media in India is asking for the same transparency on the Canadian component:

Source: China has been a signatory to the Biological Weapons Convention since 1984, and has repeatedly insisted it is abiding by the treaty that bans developing bio-weapons.

But suspicions have persisted, with the U.S. State Department and other agencies stating publicly as recently as 2009 that they believe China has offensive biological agents.

Though no details have appeared in the open literature, China is “commonly considered to have an active biological warfare program,” says the Federation of American Scientists. An official with the U.S. Army Medical Research Institute of Chemical Defence charged last month China is the world leader in toxin “threats.”

In a 2015 academic paper, Shoham – of Bar-Ilan’s Begin-Sadat Center for Strategic Studies – asserts that more than 40 Chinese facilities are involved in bio-weapon production.

China’s Academy of Military Medical Sciences actually developed an Ebola drug – called JK-05 — but little has been divulged about it or the defence facility’s possession of the virus, prompting speculation its Ebola cells are part of China’s bio-warfare arsenal, Shoham told the National Post.

The Harbinger of the Colonial Pipeline Ransomware

The harbinger raises a question: what protections against hacks and ransomware are underway? Stopping oil and gas flow and delivery is how to stop life and economies. Apply some critical thinking here… it goes way beyond cost, as supply is crucial. If the FBI was well aware of DarkSide in 2020… we need to rethink the Bureau completely.

PC Magazine provides this update in part:

The FBI today confirmed that the cyberattack that forced Colonial Pipeline to take its network offline over the weekend is due to ransomware known as DarkSide.

“The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks,” the agency says. “We continue to work with the company and our government partners on the investigation.”

During a Monday White House press briefing, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, said the FBI has been investigating the DarkSide variant since October 2020, and has determined that it’s a ransomware-as-a-service attack, meaning “criminal affiliates conduct attacks and then share the proceeds with ransomware developers,” she said.

Though news reports have tied DarkSide to Russian operatives, President Biden said Monday that “so far, there’s no evidence…from our intelligence people that Russia is involved, although there is evidence that the actors [behind the ransomware are] in Russia, [so] they have some responsibility to deal with this.”

The Chicago Tribune, along with other media sources, posts the notion that this should not last long:

The operator of a major U.S. pipeline hit by a cyberattack said Monday it hopes to have service mostly restored by the end of the week.

Colonial Pipeline offered the update after revealing that it had halted operations because of a ransomware attack the FBI has linked to a criminal gang.

The ransomware attack on the pipeline, which the company says delivers roughly 45% of fuel consumed on the U.S. East Coast, raised concerns that supplies of gasoline, jet fuel and diesel could be disrupted in parts of the region if the disruption continues.

At the moment, though, officials said there is no fuel shortage.

The Colonial Pipeline transports gasoline and other fuel through 10 states between Texas and New Jersey, according to the company.

Colonial is in the process of restarting portions of its network. It said Sunday that its main pipeline remained offline, but that some smaller lines were operational. The company has not said when it would completely restart the pipeline.

“The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices,” said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. But the Northeast had significantly more local refining capacity at that time, potentially intensifying any impact.

The FBI and others got the attribution right on this one and did so very quickly.

The group behind the ransomware that took down Colonial Pipeline late last week has apologized for the “social consequences,” claiming that its goal is to make money, not cause societal problems.

According to Vice, the group’s apology was posted to its dark web site. It reads:

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives.

Our goal is to make money and not creating problems for society.

From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

According to NYT cybersecurity reporter Nicole Perlroth, DarkSide isn’t necessarily associated with a specific nation-state, but it does tend to avoid holding victims for ransom if their systems are running in certain Russian and Eastern European languages (see embedded tweet below). Bloomberg reports that the group is known to speak Russian.

Imagine the other pipeline systems worldwide, such as those across all of Europe, and their respective responses.