Tech

Ransomware Attackers Stole Heaps of Data Before Gas Pipeline Shutdown

HELD HOSTAGE

The brazen attack against Colonial Pipeline, which could cripple gas supplies on the East Coast, came after the Biden administration declared war on ransomware groups.

2021-05-08T125057Z_2021250685_RC2OBN9BBJ2D_RTRMADP_3_USA-PRODUCTS-COLONIAL-PIPELINE_tuidxl
Reuters

After repeated warnings about the vulnerability of critical infrastructure following a wave of ransomware attacks in recent weeks, a mysterious new criminal group took matters to an extreme this weekend and forced the shutdown of one of the largest gas pipelines in the U.S.

The hackers had started their blitz on Thursday, nabbing more than 100 gigabytes of data in just two hours and threatening to leak it before before Colonial Pipeline shut the system down on Friday, Bloomberg reported on Sunday, citing sources involved in the investigation.

The FBI, the Energy Department, and the White House are all on the case and assessing the damage after Colonial Pipeline announced Friday it had shut down 5,500 miles of pipeline along the East Coast, potentially disrupting supplies of gasoline and jet fuel in a huge swath of the country. The company, which is responsible for transporting 45 percent of fuel used on the East Coast, said its corporate computer networks had been breached, with ransomware attackers holding data hostage.

ADVERTISEMENT

As of late Saturday, it was not clear if the company had paid the ransom, or if it had any plans to do so to secure the stolen data. Colonial has reportedly hired the private cybersecurity firm FireEye to investigate the attack, but it has offered no time frame for when normal operations will resume. Nor has it disclosed any details on what the attackers have access to, and whether they can control the pipelines.

“Colonial Pipeline is taking steps to understand and resolve the issue,” the company said in a statement. “Our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation.”

In addition to raising concerns about gas supplies for millions on the East Coast, the attack was also particularly biting in light of the Biden administration’s recent promises to crack down on ransomware groups.

The Justice Department launched its own ransomware task force just last month, declaring war on the cyber extortion practice that “jeopardizes the safety and health of Americans.” Likewise, Department of Homeland Security Secretary Alejandro Mayorkas labeled ransomware “one of our most significant priorities” earlier this month.

The matter has taken on a new urgency in light of the devastating SolarWinds attack by Kremlin-backed hackers that left numerous U.S. government agencies exposed and infiltrated by foreign intelligence.

While an investigation into the attack on Colonial Pipeline is ongoing, some cybersecurity experts have attributed it to a ransomware group called DarkSide, which emerged late last summer and has been known to go “against targets in English-speaking countries” while avoiding “targets in countries associated with former Soviet Bloc Nations,” according to Boston-based cybersecurity firm Cybereason. An unnamed former U.S. official also told Reuters that investigators were eyeing DarkSide for the latest breach.

While U.S. officials have attributed the attack to a criminal group, some were quick to point to the intrusion as a wake-up call about the vulnerabilities that allow such criminal groups to pounce.

“The Transportation Security Administration had only six full-time staff on pipeline security as recently as 2019. We cannot ignore the longstanding inadequacies that allowed for, and enabled, cyber intrusions into our critical infrastructure,” Sen. Ed Markey (D-MA) tweeted late Saturday.

“An understaffed, underprepared TSA cannot successfully ensure the security of dangerous and susceptible natural gas pipeline infrastructure. The federal inability to prevent cyberattacks turns our pipeline system into a risk for communities,” Markey wrote.

The TSA has said it’s investigating the situation, along with the U.S. Cybersecurity and Infrastructure Security Agency and the Department of Energy.

By Saturday night, the impact of the shutdown on fuel prices was minor, but experts said things could spiral out of control if it continues for more than a few days.

“It’s a serious issue,” Tom Kloza, the global head of energy analysis at Oil Price Information Service, told The New York Times. “It could snarl things up because it is the country’s jugular aorta for moving fuel from the Gulf Coast up to New York.”

Got a tip? Send it to The Daily Beast here.