Ransomware blackmail paid for pipeline shutdown – LA Times story with this headline:

“Colonial Pipeline paid hackers nearly $5 million in ransom, sources say”
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the East Coast. Government officials were made aware that Colonial made the payment.
Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system. A representative from Colonial declined to comment, as did a spokesperson for the NSC (National Security Council).
The hackers, the FBI says, are linked to a group called “DarkSide,” specialize in digital extortion, and are believed to be located in Russia (but probably not government connected) or in Eastern Europe.
Related story from the Wall Street Journal – Biden takes steps to combat hackers and strengthen cybersecurity.
This related ransomware story from Canada comes with two notes:

Note 1 – Most ransomware gangs nowadays first steal files from a database, then lock the database against any access with strong encryption while demanding payment in untraceable money.

Note 2 – Many law enforcement agencies, including the FBI, urge victims not to pay any ransom to the hackers, because paying (1) not only encourages crime but (2) does not guarantee that a decryption key will be provided even after the ransom is paid.
My 2 cents: I thought we did not pay terrorists for their demands.
In this case, the fuel delivery company, Colonial Pipeline, is the largest pipeline system for refined oil products in the U.S. Its pipeline is 5,500 miles long and can carry 3 million barrels of fuel per day between Texas and New York.

It is operated by Colonial Pipeline Company, headquartered in Alpharetta, GA. The company was founded in 1961, and construction of the pipeline began in 1962.
FYI: Colonial had seven spills in four years in the late 20th century, three of which (1996 to 1999) caused significant environmental damage to waterways in the Southeast.

In 2020, Colonial had one of the largest gasoline spills from a pipeline ever, at 1.2 million gallons, in a nature preserve in Huntersville, NC.
It seems this company now has cyber “spills” too, so to speak (pun intended).

Stern steps need to be taken to combat this sort of hacking, including steps to be able to track and trace cryptocurrency, and including stern steps against any Russian or other EU government-related hackers later proven to be involved (which remains to be seen), but hopefully they are not government connected. That would be a serious issue if proven.

Also, those countries where DarkSide is operating need to crack down on them and take stern steps to shut them down, and to show that they won’t tolerate such activities, thereby improving foreign relations as well.
Stay tuned, and thanks for stopping by.