Closed petrol pumps. Long lines at the gas stations still open. Die-hard motorists forced to commute by mountain bike. Panic in the Facebook group of a circle of friends in Asheville, a medium-sized town of 100,000 people in the mountains of the US state of North Carolina. ‘Get your gas!’ “Make sure you fill up quickly,” one friend warned. By Tuesday there was no petrol to be had anywhere in the city.
The ‘ransomware’ cyberattack on Colonial Pipeline, the largest U.S. oil transport company, which handles almost half of the fuel transport in the east of the country, is beginning to affect the daily lives of American citizens.
On Friday, Colonial Pipeline announced that hackers had broken into its computer systems. They hijacked the network and company data and are demanding a ransom to restore Colonial’s access to its information technology. As a precaution, the affected company shut down its entire pipeline system. As a result, the transport of fuel from Texas to the northeastern United States was halted.
Five questions about one of the biggest ransomware attacks against major U.S. infrastructure to date.
1 What is America noticing?
Colonial Pipeline operates an 8,850-kilometer pipeline network that carries petrol, diesel, kerosene and other refined products. The company transports 15 percent of the fuel consumed in the United States. According to experts, it would take 13,000 tanker trucks a day to replace the transport capacity of the blocked pipeline.
Petrol and diesel prices at the pump are at three-year highs, the Reuters news agency reported on Tuesday. In some regions, motorists are already stockpiling fuel. The American Automobile Association, the American counterpart of the Dutch ANWB, is urging motorists not to do this.
Colonial Pipeline supplies kerosene directly to seven airports in the southeastern United States, and the pipeline’s problems are now being felt there. American Airlines, one of the largest airlines in the United States, has decided to make extra stops on flights serving Charlotte, North Carolina, Honolulu and Boston in order to take on more fuel.
The hacked company said on Monday that it expects most systems to be operational again “by the weekend”.
2 Who are the culprits?
On Monday, the Reuters news agency already named the hacker collective DarkSide. On Tuesday, the FBI confirmed that suspicion. According to intelligence services, these are Russian-speaking hackers. The malicious software used by the group is designed not to attack computers with Cyrillic keyboard layouts. U.S. President Joe Biden said Monday that investigative services had found no evidence of involvement of the Russian government in the cyber attack. The Russian embassy in the United States on Tuesday denied all responsibility.
DarkSide, which first appeared in August last year, previously said that the group’s goal was to make money “and not to cause problems for society.” Security experts say the group operates as a professional criminal organization. However, the group does not use particularly advanced technology.
If the group does not get its way, the stolen data could be sold to other cybercriminals, the French news agency AFP reports. The group has also threatened to publish the stolen data. According to French security experts, a group such as DarkSide demands a ransom of $200,000 to $2 million (€1.6 million).
DarkSide does not always carry out the attacks itself. For two to three years now, many digital criminals have worked through a distributed model: they buy services from various ‘suppliers’.
The hackers occasionally pose as digital Robin Hoods: they steal from rich companies and give to the poor. The BBC reported in October that the group had donated $10,000 in bitcoin to an international children’s charity. The BBC later reported that the charity had refused the “stolen money”.
3 How were they able to carry out the attack?
It is not yet known how the hackers got into Colonial Pipeline. Experts point to insecure remote access as the possible entry route.
“Last year’s pandemic and movement restrictions were a reason for many companies to enable remote access from home,” said Stephen van der Waal of the Dutch branch of the American computer security firm Barracuda. “But as we have seen in other security incidents involving operational technology, many of the systems used for this are not properly protected.”
He stresses the importance of encryption, multi-factor authentication (not just a username and password) and restricting remote employees so that they cannot log in to the entire system, but only to the part of the corporate network they actually need.
Email is also a weak link in a corporate network. Through ‘social engineering’, cleverly manipulating employees, someone quickly clicks on a link that can infect their computer (and the rest of the network). Think of an invitation to a video conference, a request to collaborate on a shared document, or an email with a track-and-trace link for an order.
4 Should you pay the criminals?
Ransomware attacks are a growing problem for companies, governments and other organizations, not only in the United States but also in the Netherlands and other parts of the Western world. Law enforcement agencies advise against paying to regain access to networks and business-sensitive information. The FBI stressed this week that paying only encourages other offenders.
The Dutch police and the National Cyber Security Centre (NCSC) say it is better not to pay. Victims who have paid still often have great difficulty recovering all their access and data. Moreover, you never know whether the criminals have left a door open through which they can return.
A White House spokesman on Monday declined to say whether Colonial Pipeline had by now paid the ransom. The company has not issued any statement regarding payment. Some experts see this as an indication that negotiations with the extortionists are under way.
5 What is the US government doing?
The White House is working on a plan to strengthen US cyber security. It mainly comes down to closer cooperation between companies and governments, and internationally. “We urgently need to invest in the protection of our vital infrastructure,” US President Biden said Monday. The incident again shows how vulnerable the United States is in this respect, according to a White House spokesman. Governments in the United States, at every level, have been hit hardest by cybercriminals in recent months; incidents now number in the dozens. The U.S. energy regulator on Monday called for stricter security standards for oil pipeline operators.
A version of this article was published on 12 May 2021 in NRC Handelsblad