- By Steve Smith
- December 23, 2021
Biden declared a state of emergency the ransomware cyber-attack hit the largest fuel pipeline cybersecurity in the US. The affected Colonial Pipeline had the capacity to carry 2.5 million barrels a day – 45% of the East Coast’s supply of diesel, gasoline, and jet fuel.
Cyber-criminals hit the US fuel pipeline cybersecurity on Friday and operators are still working to restore service. The national emergency status enables fuel to be transported by road.
This cyber-attack opens as fear of shortage of fuel following price rising to 2-3% on Monday, or the impact will be far worse if it goes on for much longer.
The ransomware cyber-attack has been confirmed by multiple sources and was caused by a cyber-criminals gang also named as DarkSide, who infiltrated Colonial’s network on Thursday and took almost 100 GB of data hostages.
The operators were forced to switch offline the entire flow of fuel pipeline on Friday after an attack seemed ransomware, that allow the hackers to manipulate the victim’s computer systems or data by installing unlawful software and only hand over the assets once payment is made.
“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline cybersecurity operations and affected some of our IT systems, which we are actively in the process of restoring,” the firm said.
“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
Independent oil market analyst Gaurav Sharma told there is a lot of fuel now stranded at refineries in Texas.
The emergency amendment of the Jones Act enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline’s capacity, he warned.
“Unless they sort it out by Tuesday, they’re in big trouble,” said Mr. Sharma. “The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York.”
He said oil futures traders were now “scrambling” to meet demand, at a time when US inventories are declining, and demand – especially for vehicular fuels – is on the rise as consumers return to the roads and the US economy attempts to shake off the effects of the pandemic.
DarkSide is not the largest such gang in this space, the incident highlights the increasing risk ransomware cyber-attack is posing to critical national industrial infrastructure, not just businesses.
It also marks the rise of an insidious criminal IT ecosystem worth tens of millions of pounds, which is unlike anything the cyber-security industry has ever seen before.
In addition to a notice on their computer screens, victims of a DarkSide attack receive an information pack informing them that their computers and servers are encrypted.
The gang lists all the types of data it has stolen, and sends victims the URL of a “personal leak page” where the data is already loaded, waiting to be automatically published, should the company or organization not pay before the deadline is up.
DarkSide also tells victims it will provide proof of the data it has obtained and is prepared to delete all of it from the victim’s network.
According to Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online, DarkSide operates like a business.
The gang develops the software used to encrypt and steal data, then trains up “affiliates”, who receive a toolkit containing the software, a template ransomware demand email, and training on how to carry out attacks.
The affiliate cyber-criminals then pay DarkSide a percentage of their earnings from any successful ransomware attacks.
And when it released new software in March that could encrypt data faster than before, the gang issued a press release and invited journalists to interview it.
It also works with “access brokers” – nefarious hackers who work to harvest the login details for as many working user accounts on various services as they can find.
Rather than break into these accounts and alert users or the service providers, these brokers sit on the usernames and passwords and sell them off to the highest bidders – cyber-criminal gangs who want to use them to carry out much larger crimes.
You May Also Like To Read…