We have all been feeling the pain at the pump even more lately with skyrocketing gas prices, but in some places fuel has been completely depleted. This is all due to the Colonial Pipeline attack. The pipeline is one of the largest in the nation, and it was hit by an ongoing ransomware attack that forced the company to shut down operations. People in the Eastern U.S. are seeing “out of fuel” signs posted everywhere and are stockpiling fuel, even in storage containers. Roads are looking emptier because no one can go anywhere. It’s the new ghost town.
A CNN article explained how a Biden Administration cybersecurity official warned the Senate about cyberattacks on the nation’s infrastructure, which are “growing more sophisticated, frequent and aggressive.” Brandon Wales of the Cybersecurity and Infrastructure Security Agency said, “Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains.” Ransomware works by locking the rightful user out of a computer and the computer network and holding them hostage until the victim pays a fee. Ransomware gangs have also threatened to leak sensitive information in order to get victims to meet their demands. The Department of Homeland Security Secretary, Alejandro Mayorkas, commented at a press briefing and said, “that threat of ransomware is certainly by no means new.” Is this a look into the future of what is to come? Depletion of our resources?
More than $350 million in losses are attributable to ransomware attacks this year alone. That is a 300% increase over the previous year. Senior White House officials repeatedly said their roles in addressing the latest ransomware incident were limited because Colonial Pipeline is a private company, even though it controls the gasoline supply to most of the Eastern United States. Colonial has yet to share information with the Federal Government about the vulnerability that the ransomware group Darkside exploited to infiltrate the fuel company. Now the White House is using this attack as a learning experience for other pipelines and their cybersecurity.
Biden Administration officials have privately voiced frustration with what they see as Colonial Pipeline’s weak security protocols and a lack of preparation that could have allowed hackers to pull off the ransomware attack. U.S. officials are currently working to track down the specific actors responsible for the breach, a key part of the broader effort to bring the individual hackers to justice. Private sector companies also worked with U.S. agencies to take a key server offline, disrupting ongoing cyberattacks against Colonial Pipeline and other ransomware victims.
The move to intervene, which allowed Colonial Pipeline to recover some of its stolen data, was taken in response to the Darkside attack against the fuel pipeline company. Federal agencies and private companies that control the U.S.-based servers were able to cut off key infrastructure used by the hackers to store stolen data before that information could be relayed back to Russia. The Darkside ransomware group is a well-known threat actor that has compromised numerous victims in recent months. Darkside is known to be based in Eastern Europe and carries out “double extortion” ransomware attacks. In a double extortion attack, the group encrypts a victim’s data and also steals some of it, then threatens to release the stolen data to cause reputational damage if the victim does not pay up. Even if a victim has strong backups that allow them to restore the encrypted data, the bad actor still has another way to extort the victim.
I followed up to see where the Colonial Pipeline attack stands now, and according to Bloomberg, an interview stated that they paid the Darkside group just $5 million. But it makes you wonder: just because you paid them what they wanted, will there be another attack to come? A much larger attack that could impact not just the Eastern U.S. but so much more? The future of our resources could have a scary fate, and cyberattacks are making a huge impact. Who knows what the future will hold.