Colonial Pipeline paid $5M ransom one day after hack, CEO tells Senate

Joseph Blount Jr., President and Chief Executive Officer of Colonial Pipeline, is sworn in as he attends a hearing to examine threats to critical infrastructure, focusing on the Colonial Pipeline cyber attack, at the U.S. Capitol in Washington, U.S., June 8, 2021.

Andrew Caballero-Reynolds | Reuters

WASHINGTON — Colonial Pipeline’s CEO told a Senate committee on Tuesday the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.

Joseph Blount Jr. told members of the Senate Homeland Security and Governmental Affairs Committee in prepared remarks that the company learned of the attack shortly before 5 a.m. on May 7, when an employee discovered a ransom note on a system in the IT network.

The note said hackers had “exfiltrated” material from the company’s shared internal drive, and it demanded approximately $5 million in exchange for the files.

The company was attacked by a ransomware program created by DarkSide, a cyber criminal group believed to operate out of Russia.

Blount said that shortly after discovering the ransom note, the employee notified a supervisor and the decision was made to immediately shut down the entire pipeline.

“At approximately 5:55 A.M. employees began the shutdown process,” Blount wrote. “By 6:10 A.M., they confirmed that all 5,500 miles of pipelines had been shut down.”

The decision to shut down the entire pipeline was driven by “the imperative to isolate and contain the attack to help ensure the malware did not spread to the Operational Technology network, which controls our pipeline operations, if it had not already.”

The shutdown caused major disruptions to gas delivery up and down the East Coast, as trucks struggled to restock gas stations, and long lines developed at pumps, especially in the Southeast. Airline operations also were disrupted.

Blount’s testimony revealed just how quickly the company decided to suspend operations, and it provided new details about the first few days after the attack.

The company believes attackers “exploited a legacy virtual private network profile that was not intended to be in use,” Blount told senators.

But he admitted that the account was not protected by multifactor authentication, which is currently the company standard in most of its operations. Blount said the password was complicated, though. “It was not a ‘Colonial 123’-type password.”

Blount also testified about the approximately $5 million in ransom that the company paid to the DarkSide hackers. He revealed that Colonial Pipeline paid the ransom one day after the attack.

“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running,” Blount said in his opening statement. “It was one of the toughest decisions I have had to make in my life.”

“At the time, I kept this information close hold because we were concerned about operational security and minimizing publicity for the threat actor,” he said.

In response to a question about whether the company paid ransom to an entity under U.S. sanctions, Blount said the company checked the sanctions list maintained by the Office of Foreign Assets Control before making the payment.

The day before Blount testified, U.S. law enforcement officials announced that they were able to recover $2.3 million in bitcoin from the hacker group.

Blount also told senators that the company contacted the FBI within hours of discovering the attack.

This story will be updated throughout the Senate hearing.

Colonial Pipeline paid $5 million ransom to hackers

WASHINGTON – Colonial Pipeline paid hackers a ransom after the company fell victim to a widespread cyber attack, a source familiar with the situation confirmed to CNBC.

A US official who spoke on condition of anonymity confirmed to NBC News that Colonial had paid nearly $5 million in ransom to the cybercriminals.

It wasn’t immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. The ransom payment was first reported by Bloomberg.

The previous Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline had paid the ransom. White House press secretary Jen Psaki told reporters during a briefing that it remains the federal government’s position not to pay ransom, as this could encourage cybercriminals to launch further attacks.

Last week’s attack, carried out by a cyber criminal group called DarkSide, forced the company to shut down about 5,500 miles of pipeline, disrupting half the fuel supply on the East Coast and causing gasoline shortages in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network and causes the system to become inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing data.

On Monday, White House national security officials labeled the attack financially motivated but did not say whether Colonial Pipeline had agreed to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline outage following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.

Kevin Lemarque | Reuters

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

Earlier on Monday, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Biden told reporters on Monday that the US currently has no information linking the DarkSide group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. You have a certain responsibility to deal with it,” Biden said from the White House on Monday.

He added that he would continue to discuss the situation with Russian President Vladimir Putin.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

On Wednesday, Colonial Pipeline said in an evening statement that it had resumed operations days after its entire system was shut down due to the cyber attack. The company described its decision to temporarily close its pipeline service as a precautionary measure.

“Some markets served by Colonial Pipeline may or continue to experience intermittent business interruptions during the launch phase. Colonial will and will continue to move as much gasoline, diesel and jet fuel as possible until markets return to normal,” added the company.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to access communications and data in multiple government agencies.

In April, Washington officially held the Russian foreign intelligence service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as “the largest and most sophisticated attack the world has ever seen.” Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.

After Colonial Pipeline hack, all organizations need to step up cyber defenses

Storage tanks at a Colonial Pipeline Inc. facility in Avenel, New Jersey on Wednesday, May 12, 2021.

Mark Kauzlarich | Bloomberg | Getty Images

The recent ransomware attack on Colonial Pipeline was an all-too-familiar story for businesses in the United States.

The pipeline, which supplies around 50 million people from the Gulf Coast to the entire east coast with fuel, was closed last Friday as a precautionary measure after a ransomware attack. The company and the US government are continuing to investigate the extent of the impact.

In the past few months, ransomware attacks have hit businesses of all sizes and hospitals in New York, Nebraska, Oregon, and Michigan, among others. Police and sheriff offices, schools, and local governments, from Atlanta to Baltimore to Fisher County, Texas, have suffered a similar fate.

A recent report from the Ransomware Task Force, a group of 60 cybersecurity experts from industry and government, highlights both the alarming increase in the frequency of these attacks and the size of the ransoms demanded.

It is estimated that $350 million in ransom was paid to attackers in 2020, an increase of more than 300 percent from the previous year, with an average payment of over $300,000.

According to a 2021 report, most of the ransomware victims in 2020 were in the manufacturing, professional and legal services, and construction industries. Healthcare, manufacturing, and education companies saw significant increases. Attacks on industries like aerospace also seem to be increasing.

Organizations affected by ransomware are often faced with a very difficult decision: either pay a ransom and fuel a criminal market, or refuse to pay and hope that their computer systems can be restored.

If companies decide to pay the ransom to get back up and running quickly, the price can bring their business to the brink of bankruptcy. In addition, there is no guarantee that their systems will be restored.

Organizations can also lose access to their protected information, including intellectual property, customer and employee data, and suffer reputational costs.

Protecting the American people and businesses from ransomware must be a top priority as a nation. We can no longer look the other way and simply treat ransomware as a nuisance. This latest attack should serve as a reminder to organizations across the country to step up their cyber defenses and stay one step ahead of future threats.

Like most cyber attacks, ransomware exploits the weakest link. Small businesses are particularly at risk as many of them are financially vulnerable and lack the resources to install cybersecurity software, ensure constant technology monitoring, provide staff training, and hire full-time information technology professionals.

It’s no surprise that small businesses make up half to three-quarters of all ransomware victims. And when these companies become targets, it can have devastating and lasting effects, forcing some to permanently close their doors.

In short, businesses in every sector and size need to take this threat seriously and take steps today to protect themselves. By the time you face an attack, it will be too late to take proactive action.

The good news is that you don’t have to do it alone and there are affordable solutions for every budget. That’s why the Departments of Homeland Security and Commerce are working together to help businesses prevent and respond to ransomware attacks.

A few simple but important steps can go a long way in protecting against this category of malicious cyber activity. Our two departments strive to work with companies and their CEOs.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is well positioned to help organizations take preventative measures to increase resilience before an attack occurs.

CISA recently launched its “Reduce Your Risk of Ransomware” campaign of free public guidance and resources to help companies prepare for these attacks and assess the strength of their company’s cyber posture.

Practical guide

The CISA website also links to the practical guidance from the Department of Commerce’s National Institute of Standards and Technology (NIST), which draws on its in-depth economic and technical expertise. The National Cyber Investigative Joint Task Force has also provided guidance on how to respond to a ransomware attack.

Improving basic cybersecurity hygiene to prevent ransomware is important, but only part of the solution. The Biden-Harris Administration is coordinating a strategy across government to increase resilience, disrupt and investigate ransomware networks, and bring perpetrators to justice.

However, the federal government cannot fight ransomware on its own. Prevention, disruption and law enforcement require cooperation at all levels of government and in the private sector – both domestically and internationally.

Our departments will continue to advocate a comprehensive approach to combating ransomware to keep our communities safe. The demands of malicious ransomware attacks require nothing less.

In the coming weeks, we will be stepping up our departments’ relationships with the private sector and exploring new initiatives to support businesses, healthcare systems and local governments. These public-private partnerships will continue to protect our businesses, our economy, and our national security.

Alejandro N. Mayorkas is the US Secretary of Homeland Security and Gina M. Raimondo is the US Secretary of Commerce.

Colonial Pipeline Hack Reveals Weaknesses in US Cybersecurity

For years, government officials and industry executives have been running in-depth simulations of a targeted cyberattack on the US power grid or gas pipeline and imagining how the country would react.

But when the real moment came and it wasn’t an exercise, it didn’t look like the war games.

The attacker was not a terrorist group or a hostile state such as Russia, China or Iran, as was assumed in the simulations. It was a criminal extortion ring. The aim was not to disrupt the economy by taking a pipeline offline, but rather to hold company data for ransom.

The most visible impact – long lines of nervous drivers at gas stations – resulted not from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half of the gasoline, jet fuel and diesel flowing on the East Coast, to turn off the spigot. This was done out of concern that the malware that had infected its back-office functions could make it difficult to bill for the fuel delivered down the pipeline or even spread to the pipeline’s operating system.

What happened next was a vivid example of the difference between tabletop simulations and the cascade of consequences that can follow even a relatively straightforward attack. The aftermath of the episode is still playing out, but some of the lessons are already clear, showing how far the government and the private sector must go to prevent and manage cyberattacks and put in place fast backup systems in case critical infrastructure fails.

In this case, the long-held belief that the pipeline’s operations were completely isolated from the data systems locked down by DarkSide, a ransomware gang believed to be operating out of Russia, proved false. And the company’s decision to shut down the pipeline set off a series of dominoes, including panic buying at the pumps and quiet fear within the government that the damage could spread quickly.

A confidential assessment by the Energy and Homeland Security Departments found that the country could afford only three to five days with the Colonial Pipeline shut down before buses and other local transport had to cut operations due to the lack of diesel fuel. Chemical plants and refineries would also be shut down as there was no way to sell what they produced, the report said.

And while President Biden’s advisors announced efforts to find alternative ways to get gasoline and jet fuel to the East Coast, none were immediately available. There was a shortage of truck drivers and of tanker cars for trains.

“Every fragility has been exposed,” said Dmitri Alperovitch, co-founder of CrowdStrike, a cybersecurity company, and now chairman of the Silverado Policy Accelerator think tank. “We learned a lot about what could go wrong. Unfortunately our opponents too.”

The list of lessons is long. Colonial, a private company, may have thought it had an impermeable protective wall, but it was easy to break through. Even after paying the extortionists nearly $5 million in digital currency to recover its data, the company found that the process of decrypting its data and turning the pipeline back on was excruciatingly slow, which means it will still be days before the East Coast returns to normal.

“It’s not like flicking a light switch,” Biden said Thursday, noting that the 5,500-mile pipeline had never been shut down before.

For the administration, it was a dangerous week of crisis management. Mr Biden told aides, as was recalled, that nothing could cause political damage faster than television images of gas lines and soaring prices, with the inevitable comparison to Jimmy Carter’s worst moments as president.

Mr Biden feared the situation would raise concerns that the economic recovery is still fragile and that inflation will rise if the pipeline was not restarted, the panic did not subside and price gouging was not nipped in the bud.

In addition to the numerous measures to promote oil traffic on trucks, trains and ships, Mr Biden published a long-standing regulation that aims to prescribe changes in cybersecurity for the first time.

And he suggested that he was ready to take steps the Obama administration hesitated to take during the 2016 election campaign: direct measures to repel the attackers.

“We will also be pursuing a measure to compromise its operability,” said Biden, a line suggesting that the United States Cyber Command, the military’s cyberwarfare force, had authority to take DarkSide out of circulation, as it did with another ransomware group in the fall before the presidential election.

Hours later, the group’s website went dark. Early Friday, DarkSide and several other ransomware groups, including Babuk, which hacked the Washington DC Police Department, announced they were getting out of the game.

DarkSide alluded to disruptive actions by an unspecified law enforcement agency, although it was not clear whether this was the result of US action or pressure from Russia ahead of Mr Biden’s expected summit with President Vladimir V. Putin. And the silence could have simply expressed a decision by the ransomware gang to thwart retaliation by potentially suspending their operations.

The Pentagon’s Cyber Command referred questions to the National Security Council, which refused to comment.

The episode highlighted the emergence of a new “mixed threat” that may emanate from cybercriminals but is often tolerated and sometimes encouraged by a nation that views the attacks as serving its interests. That is why Mr Biden singled out Russia – not as the culprit, but as a nation that is home to more ransomware groups than any other country.

“We do not believe that the Russian government was involved in this attack, but we have strong reasons to believe that the criminals who carried out this attack live in Russia,” said Biden. “We spoke in direct communication with Moscow about the need for responsible countries to take action against these ransomware networks.”

With DarkSide’s systems down, it’s unclear how Mr Biden’s government would retaliate further beyond possible charges and sanctions, which have not previously deterred Russian cybercriminals. Fighting back with a cyber attack also carries the risk of escalation.

The government must also reckon with the fact that much of America’s critical infrastructure is owned and operated by the private sector and remains ripe for attack.

“This attack showed how bad our resilience is,” said Kiersten E. Todt, executive director of the nonprofit Cyber Readiness Institute. “We are rethinking the threat if we still don’t lay the foundations to secure our critical infrastructure.”

The good news, some officials said, was that the Americans received a wake-up call. Congress faced the reality that the federal government lacks the power to require a minimum level of cybersecurity from the companies that control more than 80 percent of the country’s critical infrastructure.

The bad news is that American adversaries – not just superpowers, but also terrorists and cyber criminals – are learning how little it takes to wreak havoc in a large part of the country, even if they don’t break into the core of the electricity grid or the operational control systems that move gasoline, water, and propane across the country.

Something as basic as a well-designed ransomware attack can easily do the trick while providing plausible deniability to states like Russia, China, and Iran, which often turn to outsiders for sensitive cyber operations.

It remains a mystery how DarkSide first broke into Colonial’s business network. The privately owned company has said practically nothing, at least in public, about how the attack unfolded. It waited four days before having significant conversations with the administration, an eternity during a cyberattack.

Cybersecurity experts also note that Colonial Pipeline would never have needed to shut down its pipeline if it had had more confidence in the separation between its business network and pipeline operations.

“There should definitely be a separation between data management and the actual operating technology,” said Ms. Todt. “For a company that ships 45 percent of its gas to the east coast, frankly, it is inexcusable not to do the basics.”

Other pipeline operators in the US employ advanced firewalls between their data and their operations that only allow data to flow out of the pipeline in one direction and prevent a ransomware attack from spreading.

Colonial Pipeline did not indicate whether this level of security was provided in its pipeline. Industry analysts say many critical infrastructure operators say that installing such one-way gateways along a 5,500-mile pipeline can be complicated or prohibitively expensive. Others say the cost of providing these protections is still cheaper than the losses from potential downtime.

Deterring ransomware criminals, whose number and audacity have increased in recent years, will certainly be more difficult than deterring nations. But this week made the urgency clear.

“It’s all fun and games when we steal each other’s money,” said Sue Gordon, former deputy chief director for national intelligence and longtime CIA analyst specializing in cyber issues, at a conference hosted by The Cipher Brief, an online intelligence newsletter. “If we play around with the functioning of a society, we cannot tolerate it.”

DarkSide, Blamed for Colonial Pipeline Assault, Says It Is Shutting Down

The intense scrutiny after the attack on Colonial Pipeline has clearly unsettled ransomware groups. This week, the operators of REvil and Avaddon, two major Russian-language ransomware platforms, announced tough new rules for the use of their products, including bans on targeting government-affiliated companies, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted on the forum, the administrator drew attention to a “critical mass of damage, nonsense, hype and noise” and said even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin was involved in the attack on the pipeline.)

“The word ransom is linked to a whole range of nasty things – geopolitics, extortion, government cyberattacks,” the XSS administrator wrote. “That word has become dangerous and poisonous.”

Even if DarkSide has shut down, the ransomware threat isn’t over. Cybercriminal networks often disband, regroup, and rename themselves to evade law enforcement, cybersecurity experts say.

“It is likely that these ransomware operators are trying to get out of the spotlight more than suddenly discovering the flaw in their path,” said Mark Arena, CEO of Intel 471. “A number of operators will most likely continue to be tight on their own affiliated groups operate and reappear under various aliases and ransomware names.”

In fact, DarkSide gave no indication that its members are getting out of the ransomware business or even unlocking victims currently infected with the group’s malware. In its statement, DarkSide said it would hand over its decryption tools to affiliates to enable those intermediaries responsible for infecting computer systems with the group’s malicious software to negotiate ransom directly with victims.

“You get decryption tools for any company that hasn’t paid,” the statement said. “After that, you can communicate with them wherever you want, however you want.”

Julian Barnes contributed to the coverage.

Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Metropolitan Police Department in Washington, DC, hackers said the price offered by the police was “too low” and this week posted 250 gigabytes of the department’s data online, including databases of gang members.

In his remarks on Thursday, Mr Biden used the Colonial Pipeline hack as further evidence that the United States needs to improve its critical infrastructure and urged lawmakers to pass his $2.3 trillion proposal to rebuild roads and support bridges, pipelines and other projects.

Republicans have balked at the size of Mr Biden’s proposals, accusing the president of wanting to levy taxes to pay for things they don’t see as infrastructure, like housekeeping programs. Mr Biden has suggested raising taxes for wealthy people and businesses to pay for his spending, but has said he is open to other ideas.

“I am ready to negotiate, as I indicated to members of the House and the leadership yesterday,” said Biden. “But it is clearer than ever that doing nothing is not an option.”

Gasoline prices in South Carolina and Georgia rose around 3 cents Wednesday through Thursday, about half as much as they had in the past few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose 6 cents to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular rose by 2 cents to $3.03, according to the AAA car club.

Gasoline supplies vary from state to state along the pipeline, partly because some locations have more storage than others. In New Jersey, only 1 percent of gas stations were out of fuel early Thursday morning, while more than half of gas stations in Virginia, North Carolina and South Carolina ran out of fuel, according to GasBuddy, a fuel monitoring app. Friday is traditionally the biggest day for gasoline sales.

It will likely take at least a whole weekend for supplies to return to normal at all gas stations as it will take some time for fuel to flow through the pipeline.

Here is The Newest Information on the Colonial Pipeline Shutdown

HOUSTON – Drivers scrambled to refuel their vehicles at gas stations in the Southeast on Tuesday in a panicked frenzy that left thousands of gas stations out of gas, because an important fuel line stretching 5,500 miles from Texas to New Jersey remained largely shut down after last week’s ransomware attack.

The shutdown has also left the airlines vulnerable. Several said they were flying in jet fuel to make sure service wasn’t disrupted.

Gasoline in Georgia and several other states rose 3 to 10 cents a gallon on Tuesday, a price surge normally only seen when hurricanes disrupt refining and pipeline operations in the Gulf of Mexico.

The national average for a gallon of regular gasoline rose 2 cents on Tuesday, with higher prices reported in the southeast, according to the AAA automotive group. A gallon of gasoline rose, on average, nearly 7 cents in South Carolina and 6 cents in North Carolina, while gasoline in Virginia rose about 3 cents per gallon. Gas stations in the southern states were selling two to three times their normal amount of gasoline on Tuesday, according to the Oil Price Information Service, an organization tracking the oil sector. Some stations are running out of fuel while others limit purchases to 10 gallons.

GasBuddy, a service that tracks gas prices, reported that nearly 8 percent of gas stations in Virginia ran out of gas, due more to panic buying than a lack of gas.

State leaders responded with measures to keep the flow of fuel stable and to stabilize prices.

Georgia Governor Brian Kemp signed an executive order suspending his state’s gasoline tax, which is approximately 20 cents a gallon, until Saturday. He said the move would “help level the price for a while,” and warned against panic buying, which he felt was unnecessary. North Carolina Governor Roy Cooper and Virginia Governor Ralph Northam each declared a state of emergency to suspend some regulations governing the transportation of fuel.

South Carolina Attorney General Alan Wilson announced that he was ready to enforce the state’s price gouging law, which makes excessive overcharging a criminal offense. “I urge everyone to be careful and patient,” said Wilson. “I urge citizens to remain vigilant and notify my office immediately if they think they are witnessing or are aware of price cuts.”

Environmental Protection Agency Administrator Michael S. Regan on Tuesday issued an emergency air-fuel waiver to alleviate fuel shortages in states whose gasoline supplies are affected by the pipeline shutdown, including the District of Columbia, Maryland, Pennsylvania and Virginia. The waiver will continue until May 18.

Colonial Pipeline, the company that operates the pipeline, hopes to restore most operations by the end of the week. The attack, which the Federal Bureau of Investigation said was carried out by an organized crime group called DarkSide, exposed the vulnerability of the American energy system. The pipeline supplies the eastern United States with nearly half of its transportation fuel.

Industry analysts said the impact would be relatively minor as long as the artery is fully restored soon. “With a solution to the shutdown in sight, the cyberattack is now being treated as a minor disruption by the market and prices are reducing panic gains on Monday,” said Louise Dickson, oil market analyst at Rystad Energy.

Gasoline prices usually go up at this time of year as the summer driving season approaches. Even before the Colonial Pipeline ceased operations, average national gas prices rose nearly a cent per gallon every day.

Higher fuel prices affect workers and people on lower incomes the most, as they spend the highest percentage of their income on gasoline and tend to drive less efficient vehicles. This makes rising gasoline prices a potential political problem after several years of relatively low prices at the pump.

White House press secretary Jen Psaki made a statement Monday evening that President Biden is monitoring fuel shortages in the southeast.

Several airports in the south and in the Washington region could be affected in the next few days as they are connected to the pipeline and usually only have a few days of supply.

The interstate pipeline system for supplying airports with jet fuel had become increasingly vulnerable to costly disruptions in recent years, the industry trading group Airlines for America said in a 2018 report. And if there are disruptions, airlines have few options other than flying on extra fuel, stopping flights or canceling and rerouting flights altogether.

“Pipelines play a vital role in supplying our nation with jet fuel and ensuring air service – for passengers and cargo – for communities large and small,” said the group at the time. “Unfortunately, our national pipeline system is fragile today.”

After the disruption last weekend, American Airlines announced that two daily flights from Charlotte, N.C., would make added stops. One, to Honolulu, will stop in Dallas, where customers will switch planes. The other, to London, will stop in Boston to refuel. Flights are expected to return to their original flight schedules on Saturday. Southwest Airlines said it was flying to Nashville on extra fuel and United Airlines said it was flying extra fuel to Baltimore; Nashville; Savannah, Ga.; and Greenville-Spartanburg International Airport in South Carolina. United, Southwest and Delta Air Lines said they had not detected any operational disruptions so far.

Gillian Friedman contributed to the coverage.

Biden ready to take further steps after Colonial Pipeline ransomware assault

Fuel tanks are seen at Linden Junction Tank Farm on the Colonial Pipeline in Woodbridge, New Jersey on May 10, 2021.

Michael M. Santiago | Getty Images

WASHINGTON – President Joe Biden said Monday his administration was ready to take further steps as the energy sector grapples with a colossal cyberattack on one of the largest fuel pipelines in the country.

On Friday, the Colonial Pipeline ceased operations and notified federal authorities that it had been the victim of a ransomware attack.

The attack, carried out by the criminal cyber group DarkSide, forced the company to shut down about 5,500 miles of pipeline, cutting off half of the fuel supply on the east coast of the country. Ransomware attacks involve malware that encrypts files on a device or network and causes the system to become inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing data.

The Department of Energy leads the federal government’s response in coordination with the FBI, the Department of Homeland Security, and the Department of Defense. A FireEye Mandiant spokeswoman confirmed to CNBC that the US cybersecurity company is working with Colonial Pipeline following the incident.

Biden said he has received regular information on the matter since the attack that struck the carotid artery of the American pipeline system. The president said his government had no information to support claims that Moscow directed the ransomware attack. He added that he would continue to discuss the situation with Russian President Vladimir Putin.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. They have a certain responsibility to deal with it,” said Biden at the White House.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

President Joe Biden discusses the US economy as Vice President Kamala Harris stands by in the East Room of the White House in Washington, USA on May 10, 2021.

Kevin Lemarque | Reuters

Earlier on Monday, White House national security officials described the attack as financially motivated. However, Biden administration officials would not say whether Colonial Pipeline would agree to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline failure following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.

Kevin Lemarque | Reuters

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

Colonial Pipeline did not immediately respond to CNBC’s request for comment.

Earlier on Monday, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Pentagon spokesman John Kirby said Monday that the Department of Defense is monitoring the country’s fuel supplies amid concerns that the Colonial Pipeline shutdown could lead to gasoline, diesel and jet fuel shortages. Kirby said there are currently no known shortages in the U.S. military.

Deputy National Security Advisor Elizabeth Sherwood-Randall told White House reporters that the government had forecast no fuel shortages.

Colonial Pipeline wrote in a statement Monday afternoon that it hopes to return service by the end of the week.

“Federal government measures to grant temporary duty relief to motorists and drivers transporting refined products across Colonial’s entire footprint should help alleviate local disruptions in supply, and we thank our government partners for their assistance in resolving this issue,” added the statement.

The attack on the Colonial Pipeline comes as the Biden administration is working to pass a $2.3 trillion infrastructure plan aimed at partially addressing America’s critical infrastructure vulnerabilities.

“Unfortunately, these types of attacks are becoming more common. They are here to stay. And we have to work with companies to secure networks to defend ourselves,” Commerce Secretary Gina Marie Raimondo told the CBS Sunday program “Face the Nation.”

“Right now it’s entirely manual work. And we’re working closely with the company, the state and local authorities to make sure they get back to normal operations as quickly as possible and that there are no disruptions on offer,” she said, adding that infrastructure investments are a top priority for the administration.

How the Colonial Pipeline Became an Important Artery for Gas

This gave them an enormous competitive advantage over the refineries on the east coast, which imported oil from abroad or by rail from North Dakota after the start of the shale boom. As the local refineries closed their doors, the Colonial Pipeline became increasingly important as a connection to refineries in Texas and Louisiana.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast has closed refineries, the Midwest has opened some new plants and expanded others over the past 20 years to process Canadian oil, mostly from Alberta sands. California and the Pacific Northwest have sufficient refineries to process crude oil made in California and Alaska and South America.

Not much. The northeastern supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the east coast managed to handle this. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada, and South America, although it can take up to two weeks for transatlantic cargo to arrive.

When Hurricane Harvey hit Texas in 2017 and damaged refineries, shipments from the Colonial Pipeline to the northeast were suspended for nearly two weeks. Port of New York gasoline prices rose rapidly by more than 25 percent, and the additional costs were passed on to motorists. It took over a month for prices to return to previous levels.

Hacking a large pipeline may not be a major problem for drivers, but it is a sign of the times. Criminal groups and even nations can threaten power lines, personal information, and even banks.

The group responsible for the pipeline attack, DarkSide, usually locks their victims’ data using encryption and threatens to release the data unless a ransom is paid. Colonial Pipeline did not say whether it paid a ransom or intended to do so.

“The unfortunate truth is that infrastructure today is so fragile that almost anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a UK security software and hardware company. “Infrastructure is an easy and lucrative target for attackers.”

Colonial stays largely closed, working to revive service

A police officer guards the gate to the junction and tank terminal of the Colonial Pipeline Co. Pelham in Pelham, Alabama, USA, on Monday, September 19, 2016.

Bloomberg | Bloomberg | Getty Images

Colonial Pipeline is working on restoring service and has some minor side lines between terminals and delivery points that are back in service, the company said on Sunday afternoon.

The company, which operates the country’s largest fuel pipeline, temporarily ceased operations on Friday due to a ransomware attack.

The four main lines remain offline. Colonial said a restart schedule was being developed, but no schedule was given for when full service would be restored.

“We are in the process of restoring service to other side panels and will only bring our entire system back online if we deem it safe and fully comply with all federal regulations,” Colonial said in a statement.

The federal government is working to avoid supply disruptions after the company ceased operations, US Secretary of Commerce Gina Raimondo said Sunday morning.

“This is something that companies have to worry about now,” Raimondo said during an interview on CBS’s “Face the Nation”. “Unfortunately, such attacks are becoming more common. They are here to stay.”

President Joe Biden has been notified of the ransomware attack, and the FBI said it is working closely with Colonial Pipeline and government partners to address the situation.

The Department of Energy is leading the federal response, according to Colonial. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency coordinates with the company.

Colonial said it learned Friday it was “the victim of a cybersecurity attack” and has since shut down 5,500 miles of pipeline that carries nearly half of the east coast’s fuel supplies, raising concerns of gasoline, diesel and jet fuel shortages.

The pipeline is the largest refined product pipeline in the nation, according to Colonial.

“At the moment everything is fine,” said Raimondo. “We are working closely with company, state and local government employees to ensure they are back to normal operations as soon as possible and that supplies are not interrupted.”

Secretary of Commerce Gina Raimondo testifies before the Senate Appropriations Committee during a hearing in the Dirksen Senate office building on Capitol Hill in Washington, DC on April 20, 2021.

Chip Somodevilla | Pool | Reuters

The company connects refineries on the Gulf Coast to more than 50 million people in the southern and eastern United States, according to its website.

The final impact of the attack on fuel prices is unclear as there is no schedule for Colonial to resume operations, according to Bernadette Johnson, senior vice president of energy and renewable energies at Enverus. Johnson predicted a short-term spike in refined product prices in the face of a short-term outage.

“Refined product storage in both the USGC and the Northeast can mitigate the effects of a short-term event,” Johnson said on Saturday.

However, according to John Kilduff, a partner with Again Capital in New York, if the shutdown persists, fuel shortages in the country could develop rapidly. Kilduff predicted that gas prices will skyrocket on Sunday night with the opening of futures trading if the company does not resume business by then.

Johnson agreed: “If this outage continued for an extended period of time, there would be product shortages in the Northeast and a glut of products in the USGC that would affect prices across the country,” she said.

Jay Hatfield, founder and CEO of Infrastructure Capital Management in New York, said a temporary outage will likely cause national gas retail prices to rise above $3 a gallon for the first time since 2014.

Gas futures rose 0.6% to $2.1269 a gallon and diesel futures rose 1.1% to $2.0106 a gallon on the New York Mercantile Exchange on Friday.

– CNBC’s Pippa Stevens contributed to this report