Sun Sentinel Palm Beach Edition
Cyberattack on US pipeline a wake-up call, experts say
NEW YORK — The shutdown of a vital U.S. pipeline because of a ransomware attack stretched into a third day Sunday, with the Biden administration saying an “all-hands-on-deck” effort is underway to restore operations and avoid disruptions in gasoline supply.
Experts said that gas prices are unlikely to be affected if normal operations resume in the next few days but that the incident — the worst cyberattack to date on critical U.S. infrastructure — should serve as a wake-up call to companies about the vulnerabilities they face. The pipeline, operated by Georgia-based Colonial Pipeline, transports gasoline, diesel, jet fuel and home heating oil from refineries on the Gulf Coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 5,500 miles, transporting more than 100 million gallons a day, or about 45% of fuel consumed on the East Coast, according to the company.
Ransomware attacks are typically carried out by hackers who lock up computer systems by encrypting data and then demand a ransom to release it. Colonial Pipeline has not said what was demanded or who made the demand.
However, a person close to the investigation who spoke on condition of anonymity identified the ransomware gang responsible as DarkSide.
It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organizations in former Soviet bloc nations.
DarkSide is among ransomware gangs that have “professionalized” a criminal industry that has cost Western nations tens of billions of dollars in losses in the past three years.
It tries to promote a Robin Hood image, claiming that it does not attack medical, educational or government targets — only large corporations — and that it donates a portion of its take to charity.
Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are “what businesses now have to worry about,” and that she will work “very vigorously” with the Homeland Security Department to address the problem, calling it a top priority for the administration.
“Unfortunately, these sorts of attacks are becoming more frequent,” she said on CBS’ “Face the Nation. “We have to work in partnership with business to secure networks to defend ourselves against these attacks.”
She said President Joe Biden was briefed on the attack.
“Its an all-hands-on-deck effort right now,” Raimondo said. “And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”
The person close to the Colonial Pipeline investigation said that before activating the ransomware, the attackers stole data.
Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, because some victims are loath to see sensitive information of theirs dumped online.
Colonial did not say whether it has paid or was negotiating a ransom, and DarkSide neither announced the attack on its dark web site nor responded to media queries. The lack of acknowledgment usually indicates a victim is either negotiating or has paid, experts said.
Security experts said the attack should be a warning for operators of critical infrastructure — including electrical and water utilities and energy and transportation companies — that not investing in updating their security puts them at risk to a hacking catastrophe.
Cyberextortion attempts in the U.S. have become a death-by-a-thousands-cuts phenomenon in the past year, with hacking attacks on hospitals, schools, and police and city governments.
Average ransoms paid in the United States jumped nearly threefold to more than $310,000 last year, experts said.
David Kennedy, founder and senior principal security consultant at TrustedSec, said that once a ransomware attack is discovered, companies have little recourse but to rebuild their infrastructure or pay the ransom.
“Ransomware is absolutely out of control and one of the biggest threats we face as a nation,” Kennedy said. “The problem we face is most companies are grossly underprepared to face these threats.”