Tag Archive for: Colonial

We regret ‘creating problems’, say Colonial petroleum pipeline hackers


The hacker group blamed for this weekend’s ransomware attack on the Colonial petroleum pipeline has insisted it only wanted to make money and regretted “creating problems for society”.

In a statement posted on Monday, the criminal group known as DarkSide said it was “apolitical” and attempted to deflect blame for the attack on to “partners” that had used its ransomware technology.

The hack has taken a key US oil pipeline offline for three days, threatening to drive up fuel prices and forcing the US government to bring in emergency powers to keep supplies flowing.

“Our goal is to make money, and not creating problems for society,” DarkSide said, adding that it would “check each company that our partners want to encrypt to avoid social consequences in the future”.

Ransomware attacks involve hackers taking control of an organisation’s data or software systems, locking out the owners using encryption until a payment is made.

DarkSide emerged as one of the leading ransomware outfits last August, and is believed to be run from Russia by an experienced team of online criminals. Silicon Valley-based cyber security company CrowdStrike has traced DarkSide’s origins to the criminal hacking group known as Carbon Spider, which “dramatically overhauled their operations” last year to focus on the fast-growing field of ransomware.

“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere,” DarkSide has said previously.

Brett Callow, an analyst at the cyber security group Emsisoft, said: “DarkSide doesn’t eat in Russia. It checks the language used by the system and, if it’s Russian, it quits without encrypting.”

He added that the group rented out its services on the dark web. “DarkSide is a ransomware-as-a-service operation. I assume the attack on Colonial was carried out by an affiliate and the group is concerned about the level of attention it has attracted.”

In a sign of how ransomware has become a professionalised industry, DarkSide operates its own “press office” and claims to have an ethical approach to choosing its targets. DarkSide’s website claims that “based on our…


Russian criminal group suspected in Colonial pipeline ransomware attack


WASHINGTON — A Russian criminal group may be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said Sunday.

The group, known as DarkSide, is relatively new, but it has a sophisticated approach to the business of extortion, the sources said.

Commerce Secretary Gina Raimondo said Sunday that the White House was working to help Colonial Pipeline, the Georgia-based company that operates the pipeline, to restart its 5,500-mile network.

The system, which runs from Texas to New Jersey, transports 45 percent of the East Coast’s fuel supply. In a statement Sunday, the company said that some smaller lateral lines were operational but that the main lines remained down.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.

Raimondo said on CBS’ “Face the Nation” that the effort to restart the network was “an all-hands-on-deck effort right now.”

“We are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply,” she said, adding: “Unfortunately, these sorts of attacks are becoming more frequent. They’re here to stay.”

A White House official said Sunday that the Energy Department is leading the government’s response. Agencies are planning for a number of scenarios in which the region’s fuel supply takes a hit, the official said.

On Saturday, Colonial Pipeline blamed the cyberattack on ransomware and said some of its information technology systems were affected. It said it “proactively” took “certain systems offline to contain the threat.”

The company has not said what was demanded or who made the demand.

Although Russian hackers often freelance for the Kremlin, early indications suggest that this was a criminal scheme — not an attack by a nation-state — the sources said.

But the fact that Colonial had to shut down the country’s largest gasoline pipeline underscores just how vulnerable the U.S. cyber infrastructure is to criminals and…


Ransom group linked to Colonial Pipeline hack is new but experienced


By Raphael Satter

Projection of cyber code on hooded man is pictured in this illustration picture. © Reuters/Kacper Pempel

WASHINGTON (Reuters) – The ransomware group linked to the extortion attempt that has snared fuel deliveries across the U.S. East Coast may be new, but that doesn’t mean its hackers are amateurs.

Who precisely is behind the disruptive intrusion into Colonial Pipeline hasn’t been made officially known and digital attribution can be tricky, especially early on in an investigation. A former U.S. official and two industry sources have told Reuters that the group DarkSide is among the suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

“It looks like someone who’s been there, done that.”

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

“It’s as if someone turned on the switch,” said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.

Ransom software works by encrypting victims’ data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.


DarkSide’s site on the dark web hints at their hackers’ past crimes, claims they previously made millions from extortion and that just because their software was new “that…


The Colonial Pipeline Hack Is a New Extreme for Ransomware 


For years, the cybersecurity industry has warned that state-sponsored hackers could shut down large swathes of US energy infrastructure in a geopolitically motivated act of cyberwar. But now apparently profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.

On Saturday, the Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500-mile path from Texas to New Jersey, released a statement confirming reports that ransomware hackers had hit its network. In response, Colonial Pipeline says it shut down parts of the pipeline’s operation in an attempt to contain the threat. The incident represents one of the largest disruptions of American critical infrastructure by hackers in history. It also provides yet another demonstration of how severe the global epidemic of ransomware has become.

“This is the largest impact on the energy system in the United States we’ve seen from a cyberattack, full stop,” says Rob Lee, CEO of the critical-infrastructure-focused security firm Dragos. Aside from the financial impact on Colonial Pipeline or the many providers and customers of the fuel it transports, Lee points out that around 40 percent of US electricity in 2020 was produced by burning natural gas, more than any other source. That means, he argues, that the threat of cyberattacks on a pipeline presents a significant threat to the civilian power grid. “You have a real ability to impact the electric system in a broad way by cutting the supply of natural gas. This is a big deal,” he adds. “I think Congress is going to have questions. A provider got hit with ransomware from a criminal act, this wasn’t even a state-sponsored attack, and it impacted the system in this way?”

Colonial Pipeline’s short public statement says that it has “launched an investigation into the nature and scope of this incident, which is ongoing.” Reuters reports that incident responders from security…
