Pipeline Ransom Has Been Paid

Uploaded on 2021-05-15 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Production-Energy

The Colonial Pipeline company has paid $5 million to the DarkSide, a criminal hacking group, to restore operations after a ransomware attack paralysed fuel supplies across the US eastern seaboard. 

DarkSide are the suspected Russian-based group that the FBI has said was responsible for the attack, has told its affiliates it is 'closing its services', according  to FireEye, the leading cyber security group appointed to investigate the incident. 

Experts are warning that ransomware attacks, which are partly ransom, partly blackmail, are becoming more frequent, as the often Russia-based hackers are becoming more sophisticated with their hacking cyber attacks which have hit power generation, federal and local government agencies, water treatment plants and even police departments across the US.

Hit by a cyber attack, the operator of a major US fuel pipeline was forced to shut down service that is currently causing gas shortages throughout the Southeast. And the US sanctioned the Kremlin recently for a hack of federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterised as an intelligence-gathering operation.

As the US was focused on the pipeline attack, another hacker group hit the Washington DC Metro Police.  A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyber attack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments. “A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers,” said Darksupp, the operator of the Darkside ransomware in a post.  “Now these servers are unavailable via SSH, and the hosting panels are blocked,” said the Darkside operator while also complaining that the web hosting provider refused to cooperate.

In addition, the Darkside operator also reported that crypto currency funds were also withdrawn from the gang’s payment server, which was hosting ransom payments made by victims. 

The funds, which the Darkside gang was supposed to split between itself and its affiliates were transferred to an unknown wallet, Darksupp said.

Background

One of the first known cases involving Darkside ransomware occurred in late August 2020. The victim was a Canadian construction firm, which  refused to pay the ransom and instead restored their data and systems from backups.  Another company, hit with the Darkside ransomware around the same time, did pay the ransom, $2 million. The Darkside ransomware locked about 5,000 of the company’s computers and servers, including data backups that they’d kept online. According to Stephen Boyce, a former FBI investigator then working for the US security company Crypsis who led the team that investigated the infection. “Our victim paid, so they were not publicly named and/or shamed,” The the victim was a privately held US-based holding company, which Boyce declined to name.   

FireEye has published a detailed timeline of DarkSide’s movements, revealing that threat actors have “become more proficient at conducting multifaceted extortion operations”, adding that this success has “directly contributed to the rapid increase in the number of high-impact ransomware incidents over the past few years”.and they expect to see varying extortion techniques leveraging DarkSide malware that “will continue to evolve throughout 2021”.

Biden Orders Better Cyber Defence

President  Biden has now signed an Executive Order to improve US cyber defences in light of recent attack meant to strengthen US cybersecurity defences in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country''s public and private sectors are to high-tech spies and criminals operating from half a world away. Since December, the US has been on the receiving end of three of the worst cyber-attacks in history, each one different, as if testing the administration in different ways.

The order comes as the administration has been grappling with its response to a massive breach by Russia of federal agencies and ransomware attacks on private corporations.

The detailed order issues strict deadlines for all government departments to tighten security. It comes as the US deals with a hack on the country's biggest pipeline that has seen fuel shortages and panic-buying across multiple states. Colonial Pipeline says it has restarted its pumps but it will be "several days" until fuel supplies return to normal.

FireEye:    Recorded Future:     Guardian:     Zero Day:   Portswigger:     

 Bloomberg:      BBC:     DTNext:    TEISS:     Image: Unsplash

You Might Also Read:

Running Out Of Cyber Gas:

 

« Stop Taking Risks Online
The Next E-Industrial Revolution »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

LRQA

LRQA

LRQA are a leading global assurance provider, bringing together unrivalled expertise in certification, brand assurance, cybersecurity, inspection and training.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Vigilant Technology Solutions

Vigilant Technology Solutions

Vigilant is a global cyber security technology company offering solutions to manage entire IT & cyber security lifecycles.

Avertro

Avertro

Avertro helps leaders manage the business of cyber. We help explain cybersecurity to executives, forecasting outcomes, right-sizing your spend, and validating your cyber strategy.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.