The shutdown of one of the largest gas pipeline operators in the United States has entered its third day after the worst cyberattack to date on critical US infrastructure.
The service, operated by Colonial Pipeline, transports gasoline and other fuels from Texas to New Jersey and supplies nearly half of the fuel consumed on the east coast of the United States.
According to sources close to the investigation, the attack was carried out by a cybercriminal gang known as DarkSide, which cultivates a Robin Hood image of robbing big businesses and giving a cut to charities.
So who are they? And what do we know about the shutdown?
Wait, what happened?
Colonial Pipeline was hit by what it called a ransomware attack. In such attacks, hackers usually block computer systems by encrypting the data and then demand a large ransom to free it.
The company did not say what was requested or who requested it.
A person familiar with the Colonial investigation said the attackers also stole data from the company, presumably for extortion purposes.
Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, as some victims are reluctant to have their sensitive information dumped online.
So who are DarkSide?
DarkSide is one of the ransomware gangs that have “professionalized” a criminal industry that has cost Western countries tens of billions of dollars in losses over the past three years.
They have a mailing list, a press center, a victim helpline, and even a so-called code of conduct.
Their site also features a ‘hall of shame’ style gallery of data leaked from victims who have not paid, advertising documents stolen from more than 80 companies in the United States and Europe.
DarkSide says it does not attack medical, educational, or government targets – only large corporations – and donates a portion of its proceeds to charity.
But cybersecurity experts who have followed DarkSide have said the group appears to be made up of veteran cybercriminals who strive to extract as much money as possible from their targets.
“They are very new but they are very organized,” said Lior Div, managing director of security firm Cybereason.
“It looks like someone who has been there and done that.”
Mr Div said DarkSide came out of nowhere in the middle of last year and immediately sparked a wave of digital crime.
“It’s like someone flipped on the switch,” he said, noting that more than 10 customers at his company had resisted the group’s break-in attempts in recent months.
How are the authorities reacting?
The Biden administration said an “on the ground” effort is underway to restore operations and avoid disruptions in the fuel supply.
Experts say gasoline prices are unlikely to be affected if the pipeline returns to normal within the next few days, but the incident should serve as a warning to companies about the vulnerabilities they face.
Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks were “what companies now need to be worried about” and that she would work “very vigorously” with the Department of Homeland Security to resolve the issue, describing it as an absolute priority for the administration.
“Unfortunately, these types of attacks are becoming more and more common,” she told CBS’s Face the Nation.
“We need to work in partnership with businesses to secure networks in order to defend against these attacks.”
She said President Joe Biden had been briefed on the attack.
“And we are working closely with the company, national and local authorities to ensure that they return to normal operations as quickly as possible and that there are no disruptions in the supply,” said Mrs. Raimondo.
How frequent are these attacks?
Cyber extortion attempts in the United States have become a phenomenon numbering in the thousands over the past year, with attacks on hospitals delaying cancer treatment, disrupting education and crippling police departments and municipal governments.
Tulsa, Oklahoma, this week became the 32nd state or local government in the country to be attacked by ransomware, according to Brett Callow, threat analyst at cybersecurity firm Emsisoft.
Although the United States has not suffered any serious cyberattacks on its critical infrastructure, officials said Russian hackers in particular are known to have infiltrated certain critical sectors, positioning themselves to do damage if an armed conflict were to break out.
Iranian hackers have also been aggressive in trying to gain access to utilities, factories, and oil and gas facilities.
In one case in 2013, they broke into the control system of a US dam.
AP / Reuters