Ransomware attack shuts down massive 5,500-mile pipeline that transports 45% of East Coast's fuel

[upnorth]

"I can't say I'm surprised, but it's certainly disappointing," says Brett Callow, a threat analyst at antivirus company Emsisoft. "Unfortunately, it'll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they'll keep on hitting it."

In a briefing on Thursday, White House press secretary Jen Pskai emphasized in general that the US government encourages victims not to pay. Others in the administration struck a more measured note. "Colonial is a private company and we'll defer information regarding their decision on paying a ransom to them," said Anne Neuberger, deputy national security adviser for cyber and emerging technologies, in a press briefing on Monday. She added that ransomware victims "face a very difficult situation and they [often] have to just balance the cost-benefit when they have no choice with regards to paying a ransom."

Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

Stopping payments would go a long way to stopping ransomware.

arstechnica.com

 

[Venustus]

The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms

Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers.

www.technologyreview.com

The irony

 

[Stopspying]

"Following a devastating cyberattack on the Colonial Pipeline, the Transportation Security Administration—which sits within the government’s Department of Homeland Security—will issue its first-ever cybersecurity directive for pipeline companies in the United States, according to exclusive reporting from The Washington Post.

The directives are expected to arrive within the week and will require pipeline companies in the US to report any cyberattacks they suffer to the TSA and the Cybersecurity Infrastructure and Security Agency. Such attacks will be reported by newly designated “cyber officials” to be named by every pipeline company, who will be required to have 24/7 access to the government agencies, The Washington Post reported. Companies that refuse to comply with the directives will face penalties...."

Colonial Pipeline attack spurs new rules for critical infrastructure

The Colonial Pipeline attack has spurred the TSA to issue new cybersecurity rules for pipeline companies in the US, expected this week.

blog.malwarebytes.com

 

[Gandalf_The_Grey]

Colonial Pipeline's $4.4 million ransom payment caught the government crime fighters beating the hackers by surprise. They thought they were winning.

Colonial Pipeline paid a $4.4 million ransom to a cybercrime group on May 8 amid a gas crisis.
That same day, federal agencies worked to stop the criminals from stealing the company's data.
Congress plans to question Colonial in two weeks about the payment and communication with agencies.

Government crimefighters thought they had bested the hackers who caused the gas shortage. Then they found out that Colonial Pipeline had already paid the criminals $4.4 million.

Colonial Pipeline paid ransomware criminals $4.4 million to release their data and systems as federal agencies worked to save the company.

www.businessinsider.com

 

[Stopspying]

"Secret Chats Show How Cybergang Became a Ransomware Powerhouse

As the ransomware industry exploded, a Russian-speaking outfit called DarkSide offered would-be computer crooks not just the tools, but also customer support. We got an inside look..."

Secret Chats Show How Cybergang Became a Ransomware Powerhouse (Published 2021)

As the ransomware industry exploded, a Russian-speaking outfit called DarkSide offered would-be computer crooks not just the tools, but also customer support. We got an inside look.

www.nytimes.com

 

[Venustus]

Hackers breached Colonial Pipeline with one compromised password

The password has since been discovered inside a batch of leaked passwords on the dark web.

www.aljazeera.com

 

[Paul.R]

U.S. law enforcement officials say they have recovered millions worth of Bitcoin that Colonial Pipeline paid to ransomware hackers.

 

[plat]

A little more info on the recovery. Apparently, according to BC, the FBI obtained the private key to the wallet containing most of the ransom.

 

[Kuttz]

U.S. law enforcement officials say they have recovered millions worth of Bitcoin that Colonial Pipeline paid to ransomware hackers.

The first thing is Never pay to ransomware hackers no matter what the consequence is. Secondly the company should sensitize its personnel about ransomware, its working, how to deal with them etc. A simple negligence resulting a huge multi million dollar losses and inconvenience can be easily prevented if people become little more aware of what they are doing.

 

[Paul.R]

The first thing is Never pay to ransomware hackers no matter what the consequence is. Secondly the company should sensitize its personnel about ransomware, its working, how to deal with them etc. A simple negligence resulting a huge multi million dollar losses and inconvenience can be easily prevented if people become little more aware of what they are doing.

All planed stay to the course. June and July big months for the stock market and banks

 

[upnorth]

Colonial Pipeline boss 'deeply sorry' for cyber attack

Joseph Blount said the decision to pay hackers a $4.4m (£3.1m) ransom was the toughest in his career.

www.bbc.com