Tuesday, May 11, 2021

Cyber Security Ransomware and critical infrastructure

Snippets and quotes, mostly from a CNN article, with my opinions () related to the recent ransomware interruption

What we know about the pipeline ransomware attack: How it happened, who is responsible and more

The operator of the biggest gasoline pipeline in the U.S. shut down operations late Friday following a ransomware attack that threatens to roil energy markets and upend the supply of gas and diesel to the East Coast.

The ransomware type and the specifics of the attack are still unknown, or haven't been shared yet

What is a ransomware attack and did this happen out of the blue?

The Colonial Pipeline attack comes amid rising concerns over the cybersecurity vulnerabilities in America's critical infrastructure following a spate of recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation's power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.

The position used to be "don't pay"; however, that is no longer as clear a strategy

An April 2 blog by the cybersecurity firm Cybereason said the people behind DarkSide follow the "double extortion" trend in ransomware, meaning they not only encrypt user data but exfiltrate it and make it public if a ransom payment isn't made.

Senior White House officials repeatedly said Monday their roles in addressing the latest ransomware incident were limited because Colonial Pipeline is a private company, even though it controls the gasoline supply to most of the eastern US.

Who is responsible?

The FBI confirmed Monday that a criminal group originating from Russia, named "DarkSide," is responsible for the Colonial pipeline cyberattack.

The group posted a notice on the dark web that their motivation was "only to make money" and claiming it did not carry out the attack on behalf of a foreign government, according to a cyber counterintelligence firm.

So, not a nation-state type attack, but the effects can be equally paralyzing

The group is part of what's called the "ransomware as a service" trend -- they "rent out their infrastructure to other bad guys," he added.

"You pay a fee to join their service. And then the main threat actor gets a cut of every successful ransomware payment that you make," Liska said.

Are ransomware attacks a new problem?

Simply put, no.

On average, ransomware demands exceeded $100,000 last year and in some cases, were up to tens of millions of dollars, according to the department. 

"A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?" he told CNN.

Procedural and other separation between state and private companies will be drawn closer together

"The threat is not tomorrow's threat, but it is upon us," he said at a US Chamber of Commerce event.

More than $350 million dollars in victim funds were paid as a result of ransomware in the past year, and the rate of ransomware attacks increased over the prior year by more than 300%, he said.

Do victims usually pay the ransom?

While it varies from case to case, the FBI's standing guidance is that victims should not pay a ransom. 

However, multiple sources have previously told CNN that the FBI will, at times, privately tell victims they understand if they feel the need to pay, something senior White House officials acknowledged on Monday, saying "companies are in a difficult position."

What does this attack mean for anyone who drives or flies?

Limited supply could mean higher fuel prices for motorists during the spring driving season. US gasoline futures for May delivery gained 1.5% on Monday, rising to $2.16 a gallon. Prices had spiked as much as 4% in early trading.

Many major East Coast airports maintain only three to five days worth of inventory, so a two to five day suspension of a pipeline that in some cases moves fuel directly to major airports -- such as Atlanta's Hartsfield-Jackson Airport -- can have a dramatic impact.

What is the Biden administration doing about it?

But the broader issue of security gaps in the nation's critical systems -- components of which are decades old -- remains a serious question for the White House, which is finalizing an executive order meant to better respond to cyberattacks.

The new task force will unify efforts across the federal government to pursue and disrupt ransomware attackers, according to the memo. Actions could include everything from "takedowns of servers used to spread ransomware to seizures of these criminal enterprises' ill-gotten gains," the memo continued.