According to a news report, the cyberattack that shut down a major U.S. fuel pipeline was carried out by a criminal gang notorious for extorting businesses, one that also claims to donate a portion of its ransom proceeds to charity.
Since Friday, the Colonial Pipeline, which transports more than 100 million gallons of fuel a day from Texas to the Northeast, has been out of operation.
Two sources familiar with the federal investigation told The Associated Press that the criminal organization known as DarkSide is behind the attack.
Colonial was the target of a DarkSide ransomware attack, in which the intruders encrypt a company's data, paralyzing its networks, and then demand a large ransom for the key needed to unscramble it.
Colonial announced on Sunday that it is working on a “system restart” plan for the pipeline, which transports about 45 percent of the fuel supply on the East Coast.
“We are working to restore service to other laterals and will put our whole system back online only when we are certain that it is safe to do so and in full compliance with all federal regulations,” the company said in a statement.
Meanwhile, Commerce Secretary Gina Raimondo said on Sunday that an “all-hands-on-deck” effort to restore operations is underway.
“We are working closely with the business, state, and local authorities to ensure that they are able to resume regular operations as soon as possible and that there are no supply disruptions,” Raimondo said.
DarkSide says that it does not attack hospitals, nursing homes, educational institutions, or government bodies and that it donates a portion of its profits to charity. It has been active since August 2020 and, like most of the most potent ransomware gangs, avoids attacking organizations in former Soviet bloc countries.
Colonial declined to say whether it had paid or was negotiating a ransom, and DarkSide did not respond to an Associated Press reporter’s questions about the attack on its dark web site.
A victim’s silence on the question usually means that it is negotiating or has already paid.
The Department of Transportation announced that it would loosen hours-of-service rules for drivers transporting gasoline, diesel, jet fuel, and other refined petroleum products, allowing them to work longer or more flexible hours to compensate for any fuel shortages caused by the pipeline shutdown.
The waiver applies to drivers transporting fuel in 17 states and the District of Columbia.
According to a source familiar with the Colonial investigation, the attackers also stole data from the company, most likely for use in extortion.
Stolen data can give ransomware criminals more leverage than crippling a network alone, because some victims would rather pay than see their sensitive information dumped online.
According to security experts, the attack should serve as a wake-up call to operators of critical infrastructure, such as electric and water utilities and energy and transportation companies, that failing to invest in security puts them at risk of disaster.
Colonial was fortunate, according to Ed Amoroso, CEO of TAG Cyber, that its attacker was ostensibly driven only by profit, not geopolitics.
State-sponsored hackers who want to do more drastic damage use the same intrusion techniques as ransomware gangs, so a network that one can breach, the other can too.
“It’s a bad sign for businesses vulnerable to ransomware because it means they’re more vulnerable to more extreme attacks,” he said.
Russian cyberwarriors, for example, knocked out portions of Ukraine’s power grid in the winters of 2015 and 2016.
In the last year, cyber extortion attempts in the United States have become a death-by-a-thousand-cuts epidemic, with attacks delaying cancer care, disrupting schools, and paralyzing police and city governments.
This week Tulsa, Oklahoma, became the 32nd state or local government in the United States to be hit by ransomware this year, according to Brett Callow, a threat analyst with the cybersecurity company Emsisoft.
According to Coveware, a company that assists ransomware victims with recovery, the average ransom paid in the United States nearly tripled last year to more than $310,000, and the average downtime for victims of ransomware attacks is 21 days.
Once ransomware has taken hold, businesses have little choice but to rebuild their infrastructure from scratch or pay the ransom, according to David Kennedy, founder and senior principal security consultant at TrustedSec.
“Ransomware is completely uncontrollable and one of the most serious challenges we face as a country,” Kennedy said. “The issue we have is that most businesses are woefully unprepared to deal with these threats.”
Via pipelines that run from Texas to New Jersey, Colonial transports gasoline, diesel, jet fuel, and home heating oil from Gulf Coast refineries.
Its pipeline system stretches over 5,500 miles (8,850 kilometers) and transports over 100 million gallons (380 million liters) every day.
If the outage lasts one to three weeks, gasoline prices will begin to rise, according to Debnil Chowdhury of the research firm IHS Markit.
“I wouldn’t be surprised if we saw a 15- to 20-cent increase in gas prices over the next week or two if this ends up being that large of an outage,” he said.
The Department of Justice has established a new task force to combat ransomware attacks.
While the United States has not previously suffered a serious cyberattack on its critical infrastructure, officials say that Russian hackers have penetrated some key sectors, positioning themselves to cause havoc if armed conflict breaks out.
Although there is no proof that ransomware helps the Kremlin financially, US officials believe President Vladimir Putin enjoys the havoc it causes in the economies of his adversaries.
Iranian hackers have been particularly aggressive in their attempts to gain access to infrastructure, including water systems and oil and gas facilities. In one 2013 case, they broke into the control system of a small U.S. dam.