
Colonial Pipeline paid $5M ransom one day after hack, CEO tells Senate

Joseph Blount Jr., President and Chief Executive Officer of Colonial Pipeline, is sworn in as he attends a hearing to examine threats to critical infrastructure, focusing on the Colonial Pipeline cyber attack, at the U.S. Capitol in Washington, U.S., June 8, 2021.

Andrew Caballero-Reynolds | Reuters

WASHINGTON — Colonial Pipeline’s CEO told a Senate committee on Tuesday the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.

Joseph Blount Jr. told members of the Senate Homeland Security and Governmental Affairs Committee in prepared remarks that the company learned of the attack shortly before 5 a.m. on May 7, when an employee discovered a ransom note on a system in the IT network.

The note said hackers had “exfiltrated” material from the company’s shared internal drive, and it demanded approximately $5 million in exchange for the files.

The company was attacked by a ransomware program created by DarkSide, a cyber criminal group believed to operate out of Russia.

Blount said that shortly after discovering the ransom note, the employee notified a supervisor and the decision was made to immediately shut down the entire pipeline.

“At approximately 5:55 A.M. employees began the shutdown process,” Blount wrote. “By 6:10 A.M., they confirmed that all 5,500 miles of pipelines had been shut down.”

The decision to shut down the entire pipeline was driven by “the imperative to isolate and contain the attack to help ensure the malware did not spread to the Operational Technology network, which controls our pipeline operations, if it had not already.”

The shutdown caused major disruptions to gas delivery up and down the East Coast, as trucks struggled to restock gas stations, and long lines developed at pumps, especially in the Southeast. Airline operations also were disrupted.

Blount’s testimony revealed just how quickly the company decided to suspend operations, and it provided new details about the first few days after the attack.

The company believes attackers “exploited a legacy virtual private network profile that was not intended to be in use,” Blount told senators.

But he admitted that the account was not protected by multifactor authentication, which is currently the company standard in most of its operations. Blount said the password was complicated, though. “It was not a ‘Colonial 123’-type password.”

Blount also testified about the approximately $5 million in ransom that the company paid to the DarkSide hackers. He revealed that Colonial Pipeline paid the ransom one day after the attack.

“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running,” Blount said in his opening statement. “It was one of the toughest decisions I have had to make in my life.”

“At the time, I kept this information close hold because we were concerned about operational security and minimizing publicity for the threat actor,” he said.

In response to a question about whether the company paid ransom to an entity under U.S. sanctions, Blount said the company checked the sanctions list maintained by the Office of Foreign Assets Control before making the payment.

The day before Blount testified, U.S. law enforcement officials announced that they were able to recover $2.3 million in bitcoin from the hacker group.

Blount also told senators that the company contacted the FBI within hours of discovering the attack.

This story will be updated throughout the Senate hearing.


Colonial Pipeline paid $5 million ransom to hackers

WASHINGTON – Colonial Pipeline paid hackers a ransom after the company fell victim to a widespread cyber attack, a source familiar with the situation confirmed to CNBC.

A US official who spoke on condition of anonymity confirmed to NBC News that Colonial had paid nearly $5 million in ransom to the cybercriminals.

It wasn’t immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. The ransom payment was first reported by Bloomberg.

The previous Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline had paid the ransom. White House press secretary Jen Psaki told reporters during a briefing that it remains the federal government’s position not to pay ransom, as this could encourage cybercriminals to launch further attacks.

Last week’s attack, carried out by a cybercriminal group called DarkSide, forced the company to shut down about 5,500 miles of pipeline, disrupting half the fuel supply on the East Coast and causing gasoline shortages in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network, leaving the system inoperable. Criminals behind such attacks usually demand a ransom in return for releasing the data.

On Monday, White House national security officials described the attack as financially motivated but did not say whether Colonial Pipeline had agreed to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline failure following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.

Kevin Lamarque | Reuters

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

Earlier on Monday, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Biden told reporters on Monday that the US currently has no information linking the DarkSide group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. You have a certain responsibility to deal with it,” Biden said from the White House on Monday.

He added that he would continue to discuss the situation with Russian President Vladimir Putin.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

On Wednesday, Colonial Pipeline said in an evening statement that it had resumed operations, days after its entire system was shut down due to the cyber attack. The company described its decision to temporarily close its pipeline service as a precautionary measure.

“Some markets served by Colonial Pipeline may or continue to experience intermittent business interruptions during the launch phase. Colonial will and will continue to move as much gasoline, diesel and jet fuel as possible until markets return to normal,” added the company.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to access communications and data in multiple government agencies.

In April, Washington officially held the Russian foreign intelligence service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as “the largest and most sophisticated attack the world has ever seen”. Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.


The Week in Enterprise: A Ransom for Gas

Good morning and happy Sunday. Here’s what you need to know in the business and technical news for the week ahead. – Charlotte Cowles

A cyberattack on the Colonial Pipeline, one of the largest fuel arteries in the US, resulted in an average gasoline price of over $3 per gallon for the first time since 2014. Panicked buyers lined up at the pump for fear of a shortage, which of course made the problem worse. To appease the hackers, believed to be part of a foreign organized crime group, Colonial Pipeline paid nearly $5 million in ransom – a surrender that could encourage other criminals to take American companies hostage. Operators of the pipeline restored service late last week, but said the supply chain would take several days to get back to normal.

A new report from the Department of Labor confirmed what you may have noticed: the prices of consumer goods such as clothing, groceries and other housewares rose 4 percent in April year over year, beating past forecasts. Economists attribute the surge to pandemic-related issues such as higher shipping and fuel costs, disruptions in supplies, rising demand and staff shortages in factories and distribution centers. The Federal Reserve tried to allay inflation fears by insisting that the surge was temporary. Even so, the news frightened the stock market. Retail sales in April fell short of expectations and remained stable, but showed a slowdown in growth after a blockbuster March.

Still looking to break into the cryptocurrency market, Facebook is currently revising its digital currency project (formerly known as Libra, now called Diem) to address concerns from US officials that it could be used for money laundering and other illegal purposes. The company is also moving the project from Switzerland to the US after trying to get approval from Swiss regulators. In other crypto news, Tesla CEO Elon Musk abruptly reversed his support for Bitcoin and tweeted that his company would no longer accept the cryptocurrency as payment due to the fossil fuels used for mining and transactions. After his tweet, the price of Bitcoin fell more than 10 percent.

To get 70 percent of American adults at least partially vaccinated by July 4th, the federal and state governments are adding additional incentives. (In case keeping you and others safe and the ability to go maskless weren’t good enough reasons.) The Biden administration has partnered with the ride-hailing companies Uber and Lyft to offer free transportation to vaccination centers across the country starting May 24th. West Virginia is working on a plan to offer $100 savings bonds to people aged 16 to 35 who get their shots. And those who receive the vaccine in Ohio will be entered into a lottery that will award $1 million in prize money every week for five weeks starting May 26th.

Ellen DeGeneres will end her talk show next year after nearly two decades on the air. Her program saw a sharp drop in ratings after employees complained about a toxic workplace and accused producers of sexual harassment. The allegations looked particularly dire given Ms. DeGeneres’ slogan, “Be Kind,” which has become a branded juggernaut used to market goods to her fans. Although Ms. DeGeneres publicly apologized for the incidents in September, the show has lost more than a million viewers since then, a 43 percent decline from about 2.6 million last season. From September to February, advertising revenue fell by 20 percent year-on-year.

Fighting to recruit workers in a tight labor market, McDonald’s is the latest fast food company to raise hourly wages after recently gaining a foothold in chain restaurants like Chipotle and Olive Garden. However, McDonald’s raise only applies to company-owned restaurants, which are a small part of the business. About 95 percent of US restaurants are independently owned and set their own wages.

Low-income households can now apply for a $50 monthly discount for high-speed internet services. Hearst Magazines sold the American edition of Marie Claire to a British publisher. And after more than a year trying to figure out what to do with the competitive retailer Victoria’s Secret, the brand’s parent company decided to split into two independent, publicly traded companies: Victoria’s Secret and Bath & Body Works.


Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Metropolitan Police Department in Washington, DC, hackers said the price offered by the police was “too low” and this week posted 250 gigabytes of the department’s data online, including databases of gang members.

In his remarks on Thursday, Mr Biden used the Colonial Pipeline hack as further evidence that the United States needs to improve its critical infrastructure and urged lawmakers to pass his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have objected to the size of Mr Biden’s proposals, accusing the president of wanting to levy taxes to pay for things they don’t see as infrastructure, like housekeeping programs. Mr Biden has suggested raising taxes for wealthy people and businesses to pay for his expenses, but has said he is open to other ideas.

“I am ready to negotiate, as I indicated to members of the House and the leadership yesterday,” said Biden. “But it is clearer than ever that doing nothing is not an option.”

Gasoline prices in South Carolina and Georgia rose around 3 cents from Wednesday to Thursday, about half the increase of the past few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose 6 cents to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular rose by 2 cents to $3.03, according to the AAA car club.

Gasoline supplies vary from state to state along the pipeline, partly because some locations have more storage than others. In New Jersey, only 1 percent of gas stations were out of fuel early Thursday morning, while more than half of gas stations in Virginia, North Carolina and South Carolina ran out of fuel, according to GasBuddy, a fuel monitoring app. Friday is traditionally the biggest day for gasoline sales.

It will likely take at least a whole weekend for supplies to return to normal at all gas stations as it will take some time for fuel to flow through the pipeline.