‘Most Significant And Successful Attack On Energy Infrastructure … In The United States’: Cyberattack Hits Colonial Pipeline
By Hank Berrien - The Daily Wire
In what was called “the most significant and successful attack on energy infrastructure we know of in the United States,” a cyberattack was launched on the largest refined products pipeline in the United States, the Colonial Pipeline, on Friday, and if the subsequent outage is not corrected within days, the eastern half of the United States, which reportedly receives 45% of fuel from the pipeline, could see a surge in gas, oil, and diesel prices.
One expert told Politico the ransomware attack was “the most significant and successful attack on energy infrastructure we know of in the United States.” Politico reported, “The attack on the Colonial Pipeline, which runs 5,500 miles and provides nearly half the gasoline, diesel and jet fuel used on the East Coast, most immediately affected some of the company’s business-side computer systems — not the systems that directly run the pipelines themselves. The Georgia-based company said it shut down the pipelines as a precaution and has engaged a third-party cybersecurity firm to investigate the incident.”
“Administration officials said they believed the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States. But at times, such groups have had loose affiliations with foreign intelligence agencies and have operated on their behalf,” The New York Times reported.
Mike Chapple from the University of Notre Dame’s Mendoza College of Business, a former computer scientist with the National Security Agency, said, “The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” the Daily Mail reported.
Oil analyst Andy Lipow said if the shutdown lasted five or six days, price hikes would result, most notably affecting the supply of jet fuel major airports needed to operate.
Rob Lee of the cybersecurity firm Dragos noted that if the attack only affected Colonial’s business computer systems, “I think it’s going to be relatively short-lived.”
Patrick De Haan, head of petroleum analysis at GasBuddy, told Newsweek, “The challenges brought on by the Colonial Pipeline shut down would likely not appear for several days or longer. My guess is they’ll be able to restart the pipeline before any major issues develop. This should NOT be a pricing event - but this may be a supply event. By ‘pricing event’ I meant not one motorists will generally ‘see’ that is, not an overnight spike.”
“Colonial Pipeline announced Saturday morning that it’s working to restore operations and hired a third-party cybersecurity firm to investigate the targeted ransomware attack,” Newsweek added.
“The private cybersecurity firm FireEye said it’s been hired to manage the incident response investigation,” the Star Tribune reported.
On Saturday, Colonial issued a statement saying that the “incident involves ransomware,” adding, “Colonial Pipeline is taking steps to understand and resolve the issue. Our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation.”
FBI names 'Darkside' as Colonial Pipeline cyberattacker
By Brooke Singman | FOXBusiness
The FBI said Monday that the ransomware gang known as "Darkside" was the group responsible for the attack over the weekend that forced the shutdown of the Colonial Pipeline networks responsible for carrying gasoline from Texas to the Northeast.
"The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks," the FBI said in a statement Monday. "We continue to work with the company and our government partners on the investigation."
A senior Department of Justice source told FOX Business that the investigation into the attack is ongoing due to the involvement of ransomware, labeling the sophistication of the tools involved "very high."
Darkside announced its existence in August 2020, and claims it does not attack medical, educational or government targets – only large corporations – and that it donates a portion of what it takes to charity.
The group will harvest data from a victim’s server, then encrypt it and request a ransom. The group then will upload the data to a leak website on the dark web, which will publish it should the group not receive the ransom, risking sensitive data loss for any victim organization.
Darkside has advertised stolen documents from more than 80 companies across the U.S. and Europe on its website.
Colonial Pipeline, in a statement Monday, said they are dedicating resources to "restoring pipeline operations quickly and safely."
"Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response," the company said.
The company added that its operations team is "executing a plan that involves an incremental process that will facilitate a return to service in a phased approach"— a plan based on "a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week."
"We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery," Colonial continued. "Actions taken by the Federal Government to issue a temporary hours of service exemption for motor carriers and drivers transporting refined products across Colonial’s footprint should help alleviate local supply disruptions and we thank our government partners for their assistance in resolving this matter."
Fox News' Jake Gibson, David Spunt, Mark Meredith, Peter Aitken and The Associated Press contributed to this report.
Colonial Pipeline paid hackers almost $5 million in ransom: Report
by Nihal Krishan - Washington Examiner
Colonial Pipeline reportedly paid almost $5 million to the hackers responsible for the cyberattack that forced the shutdown of its gas infrastructure.
Colonial Pipeline paid the ransom amount using cryptocurrency within hours of the attack, highlighting the pressure the company faced to get gas flowing again to customers on the East Coast, according to Bloomberg.
This contradicts reports from earlier this week that the company had no plans of paying a fee to decrypt important data files and help get the gas pipeline up and running again.
After receiving the ransom amount, the hackers gave Colonial Pipeline a decrypting tool to get access to its data again and restore the broken network. However, the hackers' tool was so slow and ineffective that the company used its own data backups to help bring the system back to life, Bloomberg reported.
The FBI confirmed on Monday that DarkSide ransomware was responsible for the Colonial Pipeline attack. DarkSide is a group of organized hackers selling software hacking tools to other criminals to carry out attacks on wealthy organizations and entities, according to the cybersecurity firm Cybereason.
The FBI discourages companies from paying ransom to hackers.
“Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI says in its guidance.
The Colonial Pipeline is the largest gas pipeline in the country, with 5,500 miles of pipeline from Texas to New Jersey, and delivers 45% of the fuel for the East Coast.
The company announced it restarted operations on Wednesday, but the cyberattack has already caused severe gas shortages in the South for multiple days this week.