A Criminal Act of Extortion Highlights America's Need For Better Cybersecurity.
Colonial Pipeline fuel operations resume after making extortion payment to DarkSide using Cyber-Currency.
It was reported earlier this week that Colonial Pipeline had no intention of paying a ransom to help restore the country’s largest fuel pipeline. That claim has now been contradicted by two individuals acquainted with the $5 million payment made in cryptocurrency.
The Colonial Pipeline was hit by ransomware six days ago, bringing the east coast of the United States’ transportation system to its knees. Colonial accounts for 45% of the fuel distributed to cities ranging from Atlanta to New York and beyond. They are the leading distributor for crude, gasoline, and jet fuel delivery in the United States. Colonial transports approximately 2.5 million barrels per day and transports their petroleum product over 5,500 miles of pipeline.
On Monday, the FBI put the blame on the ransomware-related Russian gang known as DarkSide. DarkSide, a group specializing in digital extortion, said they were not out to disrupt the nation’s energy infrastructure but merely to “make money.” DarkSide demands ransom from major companies by seizing their sensitive data and threatening to release it if the ransom is not paid.
The company paid the hefty ransom in untraceable cryptocurrency days after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the East Coast. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.
The hackers sent Colonial a decryption tool only after receiving the untraceable cryptocurrency payment, allowing the operator to recover its disabled computer network.
According to one person involved with the organization’s activities, the tool was so sluggish that the company continued to use its own backups to help rebuild the network of the pipeline.
Ransomware is malware that encrypts a company’s files and locks the company out of its own computers, which the attackers promise to unlock for a payment. It is believed that the day before the ransom attack, the extortionists entered Colonial’s network using malware and stole 100 gigabytes of data from company servers.
“We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” Deputy National Security Advisor Anne Neuberger said on Monday.
The FBI has warned against paying the ransom, claiming there is no way to ensure the information will be returned. Still, Colonial Pipeline has been under an immense amount of pressure to resolve this fuel shortage. It’s never a healthy situation to have politicians, consumers, distributors, and the airline industry simultaneously waiting intently for your resolution.
$5 million may just have been the most intelligent and cheapest solution Colonial could have encountered. But it was still extortion and, in the eyes of former House Speaker Newt Gingrich, “an act of war.”
Transportation Secretary Pete Buttigieg said that the cyberattack served as a reminder that infrastructure is a matter of national security and that increased resilience is needed.
The hack is seen as exposing the vulnerability of critical infrastructure in the United States to emerging modes of cyber threats. Until cybersecurity is enhanced or the criminals are stopped, many more ransom payments will be made.