(Bloomberg) — Colonial Pipeline Co., which manages the largest fuel conduit in the U.S., hired a Chief Information Security Officer nine months after a ransomware attack completely paralyzed its operations, drove up gasoline prices and sparked shortages at filling stations along the East Coast.
The criminal hacking group known as DarkSide, which the FBI has previously said is based in Russia, is being actively hunted by the US Government. The US State Department is offering up to $10 million for information leading to the identification or location of senior members of a Russian-speaking ransomware gang known as DarkSide that hacked Colonial Pipeline.
An extra $5 million reward is being offered for any information about people conspiring to participate with DarkSide in ransomware attacks. This is the latest step bt the US to put pressure on cyber criminals that have extorted millions of dollars from US companies and threatened critical infrastructure.
In May, a DarkSide ransomware attack shut down a vital 5,500-mile-long fuel pipeline on the east coast of the US. The pipeline carries 45% of the fuel used on the east coast.The Colonial Pipeline operating company was forces to shut down its operations after the attack, causing widespread fuel shortages
President Biden subsequently appealed to Russian President Vladimir Putin to take action against ransomware groups operating from Russia.
The US Department said in a statement, “In offering this reward, the United States demonstrates its commitment to protecting ransomware victims around the world from exploitation by cyber criminals. The United States looks to nations who harbour ransomware criminals that are willing to bring justice for those victim businesses and organisations affected by ransomware.”
DarkSide is though to have extorted over $90 million in ransom payments from 47 victims, according to crypto-currency analysis company Elliptic, although the FBI was successful in recovering the majority of the ransom paid by Colonial Pipeline, by seizing 63.7 Bitcoins before they could be extracted from US jursidiction.
The US government reward for information about DarkSide comes off the back of a recent law enforcement operation against the REvil ransomware gang, where the Tor servers associated with REvil were seized in what was called a ‘multi-country’ hack-back operation.
That operation was carried out by Ukraine’s law enforcement and further arrests have been made…
For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security.
The Colonial Pipeline ransomware attack in May of 2021 caused many gas shortages. It also resulted in an Executive Order from the Biden administration to “improve the nation’s cybersecurity and protect federal government networks.” The EO press release noted, “public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” But what motivates these attackers?
Hollywood movies and television series have long depicted hackers as teenagers huddled in a basement or dorm room, hacking into systems to change their grades or just to cause a little mayhem. The mischief-minded nerdy teens or collegiate hacker groups do exist in real life, for sure. But those stories are rare, and the impact of hacks by mischievous “script kiddies” is usually very minor. It’s more of competition at that age. While the pride of “cracking” a device or “pwning” someone is a real feeling among cybercriminals, most don’t do it for fun. Instead, most cyberattackers are motivated by money. Let’s look at the Colonial Pipeline as an example.
On May 7, 2021, a group of cybertattackers known as DarkSide used ransomware to attack the business networks of Colonial Pipeline, and the pipeline management quickly shut down the pipeline systems too.
A few days later, the Darkside website hosted a statement about the motivation of the attack, which said:
“We are apolitical, we do not participate in geopolitics, [you] do not need to tie us with a defined government and look for … our motives… Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Granted, if this statement came from criminals, it could be a partial or complete lie. But for the…
On Wednesday, President Biden signed a National Security Memorandum that aims to improve national cybersecurity.
© Provided by Popular Science
It directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST) to collaborate with other agencies to develop cybersecurity performance standards for companies across the US that provide essential services like power, water, and transportation. When systems that control these vital infrastructures malfunction or are interrupted because of an incident such as a ransomware attack, it can jeopardize national security, economic security, as well as public health and safety.
Load Error
The memorandum also formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative, which is a voluntary, collaborative effort between the federal government and the critical infrastructure community to establish systems that can detect cyberthreats and send timely alerts. The ICS Initiative kicked off in mid-April with an Electricity Subsector pilot, in which the Department of Energy worked with over 150 electricity utilities to plan and deploy cybersecurity tech for their control systems. Officials also gathered a number of utility and pipeline CEOs to brief them on cybersecurity threats.
The Department of Homeland Security’s Transportation Security Administration (TSA) rolled out a directive earlier this year requiring critical pipeline owners and operators to report cybersecurity incidents as well as have their current practices reviewed by a designated Cybersecurity Coordinator after a major petroleum pipeline was attacked by ransomware in May.
[Related: How a ransomware attack shut down a major US fuel pipeline]
And last week, the TSA issued a second directive which requires owners and operators of pipelines that transport hazardous liquids and natural gas to instate measures that can protect against ransomware and other cyber attacks. They also require the development of a recovery plan. Owners will also have to review their cybersecurity design every year.
“Recent…
![](https://www.bing.com/news/{"default":{"load":"default","w":"80","h":"53","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/AAMFSZY.img?h=533&w=799&m=6&q=60&o=f&l=f"},"size3column":{"load":"default","w":"62","h":"42","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/AAMFSZY.img?h=416&w=624&m=6&q=60&o=f&l=f"},"size2column":{"load":"default","w":"62","h":"42","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/AAMFSZY.img?h=416&w=624&m=6&q=60&o=f&l=f"}})