REvil, Hacking Group Behind Major Ransomware Attack, Disappears

The second theory is that Mr Putin ordered the group’s websites to be removed. If so, it would be a gesture to heed Mr Biden’s warning, which he had also expressed more generally when the two leaders met in Geneva on June 16. And it would come only a day or two before a US-Russian working group on the subject, set up during the Geneva meeting, is due to hold a virtual meeting.

A third theory is that REvil decided the heat was too intense and shut down the sites itself so as not to get caught in the crossfire between the American and Russian presidents. This is what another Russian group, DarkSide, did after the ransomware attack on Colonial Pipeline, the US company that had to shut down the pipeline that supplies gasoline and kerosene to much of the east coast in May after its computer network was breached.

However, many experts believe that DarkSide’s exit from the business was nothing more than digital theater and that all of the group’s major ransomware talents will be reassembling under a different name. If so, the same could happen to REvil, which Recorded Future, a Massachusetts-based cybersecurity firm, estimates is responsible for about a quarter of all sophisticated ransomware attacks on Western targets.

Allan Liska, a senior intelligence analyst at Recorded Future, said if REvil went missing, he doubted it was voluntary. “If anything, these guys are show-offs,” said Mr. Liska. “And we saw no notes, no showing off. It feels like they gave up everything under pressure.”

There were indications that the pressure may have come from Russia. U.S. Cyber Command commander and director of the National Security Agency Gen. Paul M. Nakasone was not expected to have full options for U.S. action against ransomware actors until later this week, several officials said. And there was no evidence that REvil’s websites were “seized” by a court order that the Justice Department frequently publishes.

Cyber Command declined to comment.

While closing REvil would give Mr Putin and Mr Biden an opportunity to show that they are facing the problem, it could also give ransomware actors a chance to get away with their profits. The big losers would be the companies and cities that do not get their encryption keys and may be locked out of their data forever. (When ransomware groups break up, they often release their decryption keys. That didn’t happen on Tuesday.)

Mr Biden is expected to roll out a ransomware strategy in the coming weeks, arguing that the Colonial Pipeline and other recent attacks show how crippling critical infrastructure poses a major national security threat.

Biden Weighs a Response to Ransomware Assaults

William Evanina, who recently left a top counterintelligence post in the U.S. government and now advises companies, said he would advise Mr. Biden “to be bold.”

“We need to give Putin something to think about,” he said. “And while I know people in the government like the idea of having ‘unseen’ cyberoperations, we have to show the American people and the private sector that we are doing something about this.”

Mr. Putin has denied that many of the attacks have come from Russia and has argued that the United States, with its cyberoperations around the globe, is the most active disruptive force on the internet.

But clearly a large number of the ransomware demands come out of Russia, and the ransomware code is often written to avoid hitting Russian-speaking targets.

If Moscow wanted to stop Russia’s cybercriminals from hacking American targets, experts say, it would. That is why, some Russia experts argue, the United States needs to take aim at Russia’s kleptocracy, either by leaking details of Mr. Putin’s financials or by freezing oligarchs’ bank accounts.

“The only language that Putin understands is power, and his power is his money,” said Garry Kasparov, the Russian chess grandmaster and a Putin critic. “It’s not about tanks; it’s about banks. The U.S. should wipe out oligarchs’ accounts, one by one, until the message is delivered.”

For now, REvil has shown no sign that it is diminishing operations.

In recent days, its cybercriminals continued to hijack American companies’ networks. On Wednesday, REvil hit a new target: a Florida defense contractor, HX5, that sells space and weapon launch technology to the Army, the Navy, the Air Force and NASA.

REvil posted hacked documents to its naming-and-shaming website, “The Happy Blog.” None appeared to be of vital consequence, but HX5 is just the latest contractor to be hit.

CEOs need to prepare for increase in ransomware attacks: DOJ official

A senior Justice Department official warned Friday that US business leaders must do more to prepare for an onslaught of ransomware attacks by foreign states and criminal groups.

“The message has to be to viewers here, CEOs across the country, that they are seeing the exponential increase in these attacks,” Lisa Monaco, Assistant Attorney General, told CNBC’s Eamon Javers in her first television interview since joining the Justice Department in April.

Monaco, who has spearheaded the DOJ’s efforts to deter cyberattacks, said the recent high-profile hacks on the Colonial Pipeline and meat processing company JBS mirror the types of break-ins that happen every day.

“If you don’t take steps – today and now – to understand how to make your business more resilient, what is your plan?” said Monaco, addressing business leaders. “If your chief security officer came to you today and said, ‘We’ve been hit, boss’, what’s your plan? You know, and does your chief security officer know the name and number of the FBI leader near you? Who cares about ransomware attacks? These are steps you must take now – today – to make yourself more resilient.”

Monaco, who was a homeland security adviser to former President Barack Obama, issued a memo to the country’s federal prosecutors on Thursday calling for the centralization of reporting of ransomware attacks. Shortly after joining the DOJ, she launched a 120-day review of the department’s cybersecurity challenges.

“What we are doing here at the Justice Department reflects the threat that ransomware poses to national and economic security,” Monaco said.

The two most recently published attacks against Colonial Pipeline and JBS have been linked to criminal groups in Russia. Monaco declined to speculate on whether Russian President Vladimir Putin, a U.S. opponent, played a role in the debilitating raids.

“We know that the recent attacks against JBS Foods and Colonial Pipeline have actually been linked to criminal actors, criminal groups known to law enforcement and ties to Russia, and these are attackers who have already struck, it reflects one persistent threat,” said Monaco.

“Today, Eamon, businesses are actually being attacked by ransomware attacks, from malicious cyber attackers, whether they are criminals, nation-states or what we call a ‘mixed threat’ of both,” she added.

JBS, the world’s largest meat packer, was hit by a cyberattack on Monday that affected its operations in North America. As of Tuesday, the company said it had made significant strides in restoring the internet, but did not disclose whether it paid a ransom.

Monaco said she doesn’t know if the company paid a ransom. But she said, “I think we need to know” when companies are paying in response to attacks. Investigators, including the FBI, must be able to “follow up on that money,” she said, noting that it is often paid for in cryptocurrency.

Colonial Pipeline CEO Joseph Blount said his company paid a ransom of $4.4 million in bitcoin to DarkSide, the criminal group behind the attack. DarkSide shut itself down in May but had reportedly received $90 million in bitcoin ransom payments.

“The use of cryptocurrency can of course have many good applications, but we have to be aware of the abuse, the abuse of criminal actors in this area,” said Monaco. “So we need both the exchanges and the companies that are going to work with them to really work with the FBI.”

Monaco also said it was vital for companies – especially those that are publicly traded – to disclose when they have been hit by ransomware attacks.

“It is important for the public to understand the steps companies are taking to make themselves more resilient,” she said.

Also on Friday, the FBI released a statement on the recent ransomware attacks, calling its investigation “top priority”.

“The FBI has a long history of addressing unique cyberspace challenges and of imposing risks and ramifications on our nation’s cyber adversaries,” it said. “Thanks to trusting relationships with our partners from the private sector, we are indispensable in the fight against cyberattacks.”

Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business

A cyberattack on the world’s largest meat processor forced the closure of nine beef factories in the United States and interrupted production in poultry and pork factories, according to union officials on Tuesday. The attack could shake the country’s meat markets and raise new questions about the vulnerability of critical American companies.

JBS said most of its plants would reopen on Wednesday. But even a one-day disruption to JBS could “significantly affect” wholesale beef prices, according to analysts for the Daily Livestock Report.

The attack at JBS was a ransomware attack, the White House said – the second recent attack of its kind to freeze a critical US business. Last month, a ransomware attack on the Colonial Pipeline, which carries gas to nearly half of the east coast, sparked gas and kerosene bottlenecks and panic buying.

JBS, which is based in Brazil and accounts for one-fifth of the US daily cattle harvest, said in a statement late Tuesday that it has made “significant strides in solving the cyberattack.”

“Our systems are coming back online and we are not sparing resources to combat this threat,” said Andre Nogueira, CEO of JBS USA, in the statement.

The Department of Agriculture announced Tuesday that it is working with other producers to minimize bottlenecks.

All nine JBS beef factories in the United States closed on Tuesday, according to the United Food and Commercial Workers International Union, which represents workers at JBS beef and pork factories. The company’s poultry and pork factories in the US posted on Facebook that they had canceled shifts scheduled for Monday or Tuesday or changed production, some citing “IT problems”.

In addition to the company’s U.S. plants, the shutdowns affected 2,500 workers at a beef factory in Brooks, Alberta, according to Scott Payne, a spokesman for United Food and Commercial Workers Local 401 in Canada. “All shifts were canceled yesterday,” he said on Tuesday. “The morning shift was canceled today. But the afternoon shift has been postponed to today.”

When the plants went online, at least one beef factory delayed the start of production on Wednesday and another changed one of its shifts, according to the factories.

With restaurants and retail customers starting to buy beef in the summer, the wholesale market was “extremely tight,” the analysts for the Daily Livestock Report wrote in a report released on Tuesday. They discovered that a small restaurant in southern Utah had started charging an additional $4 for dishes that included carne asada.

“Retailers and beef processors are coming back from a long weekend and need to catch up on orders and make sure the meat crate is full,” the analysts wrote. “If you suddenly get a call that the product may not be delivered tomorrow or this week, it will create very big challenges when it comes to keeping the equipment up and running and keeping the retail case in stock.”

A prolonged hiatus, the analysts warned, “could add gasoline to an already large flame”.

JBS said it was the target of an “organized cybersecurity attack” that affected systems in North America and Australia, that its backup servers were unaffected, and that it did not expect customer, supplier or employee information to be leaked.

Karine Jean-Pierre, a White House deputy press secretary, told reporters on Air Force One on Tuesday that JBS had told the Biden administration that it was a ransomware attack and that the ransom came from “a criminal organization based in Russia.”

The Federal Bureau of Investigation investigated the hack, and the Cybersecurity and Infrastructure Security Agency was also involved, Ms. Jean-Pierre said.

“The White House is working directly with the Russian government on this matter, sending the message that responsible states do not harbor ransomware criminals,” she said.

In two weeks’ time, President Biden is due to meet Russian President Vladimir V. Putin in Geneva for a summit that puts a multitude of cyberattacks, many of which originate from Russia, at the top of the American agenda.

A recent security breach used SolarWinds software to infiltrate more than 250 federal agencies and companies. It was considered the worst attack because it raised the question of whether the United States could trust its software supply chain. SolarWinds, according to the United States, is the work of the SVR, one of the leading Russian intelligence agencies.

Last week, the SVR was blamed for a breach that hijacked the company that distributes emails on behalf of the US Agency for International Development and sent links containing malware to organizations criticizing Putin.

But ransomware attacks have become more urgent after hackers hit the Colonial Pipeline last month. The pipeline operator shut down its systems after the attack, which led to price rises, panic buying and a shortage of jet fuel. The company later admitted it paid $4.4 million to restore its data.

The attack on the Colonial Pipeline was the work of a ransomware operator called DarkSide, which Biden said was based in Russia.

The perpetrator behind the JBS attack has not been publicly identified. Cybersecurity specialists said Tuesday blogs and online channels frequented by large ransomware groups have gone silent – most likely because the group in charge was waiting to see if JBS would pay.

The US government does not know how to deal with the attacks, as many of the responsible groups operate from Russia, where they largely enjoy a safe haven. Russia has refused to extradite its hackers and frequently taps them for sensitive intelligence operations.

Mr Biden said after the attack on the Colonial Pipeline that Russia was partly responsible, although there was no evidence that the government was involved.

“We were in direct communication with Moscow to get responsible countries to take decisive action against these ransomware networks,” said Biden. “We will also take action to disrupt their operability.”

He did not rule out the possibility of the US launching a cyber attack against the criminals responsible for the pipeline attack. Following Mr Biden’s remarks, DarkSide criminals said they would close, despite cybersecurity experts warning that they would likely be renamed and reappear.

David E. Sanger and William P. Davis contributed to the coverage.

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyber attack on the Irish health system has crippled the country’s healthcare system for a week, cutting off access to patient records, delaying Covid-19 tests and forcing medical appointments to be canceled.

Using ransomware, malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have held the data hostage in Ireland’s publicly funded health system, the Health Service Executive. The attack forced the HSE to shut down its entire information technology system.

In a press conference on Thursday, Paul Reid, managing director of HSE, said the attack was “an upset stomach”.

Caroline Kohn, a spokeswoman for a group of hospitals in the east of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

Security researchers believe the attack on Ireland’s hospitals was the work of a Russian-speaking cyber criminal group called Wizard Spider. In a ransom note posted online, the criminals threatened to reveal the stolen health network data unless officials pay a ransom of $19,999,000.

Ireland’s Prime Minister, Micheál Martin, said the government would not pay. “We are very sure that we will not pay a ransom,” he said at a press conference last week.

Mr. Reid said the effects would be felt for many weeks. “This is not a short sprint,” said Mr. Reid. “This will have a lasting effect.”

The attack is the latest in a spate of ransomware attacks targeting hospitals around the world in recent weeks.

In California, Scripps Health, which operates five hospitals and a number of San Diego clinics, is still trying to bring its systems back online two weeks after a ransomware attack crippled its data. In New Zealand, a ransomware attack crippled several hospitals across the country, forced clinicians to use pen and paper, and postponed non-elective surgeries.

Late last year, a ransomware attack on the University of Vermont Medical Center changed the lives of cancer patients whose chemotherapy treatments had to be delayed or restored from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operator that supplies nearly half of the gas, diesel and jet fuel to the east coast. This attack caused Colonial Pipeline to cease pipeline operations, causing panic buying at the pump as well as gas and jet fuel shortages along the east coast. Colonial Pipeline agreed to pay its extortionists, another gang of cybercriminals called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has left backlogs in emergency rooms from Dublin to Galway and patients have been urged to stay away from hospitals unless they need urgent care.

Appointments for radiation treatments, MRIs, gynecological visits, endoscopies and other health services have been canceled in many Irish counties. Health officials said the attack also caused delays in Covid-19 test results, but a vaccine scheduling system is still working.

Irish health officials said Thursday that HSE was working to build a new network separate from the affected network. Hundreds of experts were recruited to rebuild 2,000 different systems. The effort should cost tens of millions of euros, said Reid.

The HSE announced on Thursday that it had been provided with a key that could be used to decrypt the data held as a ransom. However, it is unclear whether this would work.

Ransomware attacks against hospitals increased after two separate attempts – one by the Pentagon’s Cyber Command and a separate legal action by Microsoft – to shut down a large botnet, a network of infected computers, called Trickbot, which served as the main channel for ransomware.

In the weeks following these efforts, cyber criminals said they wanted to attack more than 400 hospitals. The threat prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn healthcare operators to step up their protection against ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cyber criminals and refuse to extradite them. In response to last week’s Colonial Pipeline episode, President Biden said Russia has some responsibility for ransomware attacks as cyber criminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for attacking Ireland’s health systems, speak Russian and researchers “have great confidence that they are Eastern European and likely Russian”.

Last month, a Florida school district’s data was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cyber criminals demanding $40 million in cryptocurrency. The criminals encrypted data and posted thousands of school information online after officials refused payment.

Last December, chip maker Advantech was also hit by Wizard Spider. The data was published on the so-called Dark Web after the company refused to pay.

Some cyber insurance companies have taken on the cost of ransom payments and calculated that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started pressuring insurance companies to pay ransom demands, arguing that they are only launching more ransom attacks and encouraging cyber criminals to make more lucrative demands.

AXA, the French insurance giant, said last week it would no longer cover ransom payments. Within days of its announcement, AXA was hit by a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” said John Dickson, a cybersecurity expert at the Denim Group in San Antonio, in an interview Thursday. “These attacks shouldn’t come as a surprise to anyone who’s paying attention.”

Irish health service hit by ‘sophisticated’ ransomware attack

LONDON – Ireland’s health service shut down its computer systems on Friday after being hit by a “sophisticated” ransomware attack.

The Irish health service provider said there had been a “significant ransomware attack” on its IT systems without commenting on further details.

“As a precaution, we shut down all of our IT systems to protect them from this attack and to be able to (fully) assess the situation with our own security partners,” said the HSE in a tweet on Friday.

“We apologize for the inconvenience this may cause patients and the public and we will provide more information as it becomes available.”

Ireland’s vaccination program has not been affected and appointments are proceeding as planned, but the registration portal has gone offline. Doctors also can’t refer people for Covid-19 testing, so patients have been advised to use walk-in testing centers. HSE said its emergency services were functioning normally.

Rotunda Hospital in Dublin, a maternity hospital, said all outpatient visits for Friday have been canceled, with the exception of women who are 36 weeks pregnant or later. All gynecological clinics are canceled.

“It’s very sophisticated,” said Paul Reid, managing director of HSE, to RTE Radio 1. “It affects all of our national and local systems, which would be involved in all of our core services.”

“We noticed this during the night and obviously acted immediately. The top priority is obviously to contain this. But it’s what we would call a human-powered ransomware attack that they would try to target to get access to data.”

Ransomware attacks

Ransomware is a type of malicious software that blocks access to a computer system. Hackers demand a ransom payment – usually cryptocurrency – in exchange for restoring access.

In 2017, the UK’s National Health Service was one of many organizations affected by malware called WannaCry.

Peter Carthew, director of the UK and Ireland public sector at security firm Proofpoint, said health organizations are “high quality targets for ransomware attacks”.

“You would be most motivated to pay to have systems restored quickly,” Carthew said via email.

“Given the nature of the industry, health workers are often severely time constrained, resulting in them clicking, downloading, and processing emails, while potentially falling victim to carefully crafted social engineering-based email attacks,” he added.

The news follows a major cyberattack on the Colonial Pipeline in the United States that paralyzed gas supply systems in the southeastern states. Colonial resumed operations Wednesday afternoon but said the delivery schedule would not return to normal for several days. The company paid hackers a $5 million ransom.

The attack was believed to have been carried out by the DarkSide hacking group. DarkSide is a relatively new group, but cybersecurity analysts believe they are dangerous. The group claimed Wednesday it attacked three more companies, despite global outcry over their attack on Colonial.

HSE wasn’t the only organization to announce on Friday that it had been hit by a ransomware attack.

Toshiba Tec, a division of Japanese tech company Toshiba, said its European business fell victim to a ransomware attack on May 4th, according to Reuters. The company said the attack came from DarkSide.

– CNBC’s Sam Shead and Eamon Javers contributed to this report.

Biden ready to take further steps after Colonial Pipeline ransomware attack

WASHINGTON – President Joe Biden said Monday his administration was ready to take further steps as the energy sector grapples with a colossal cyberattack on one of the largest fuel pipelines in the country.

On Friday, the Colonial Pipeline ceased operations and notified federal authorities that it had been the victim of a ransomware attack.

The attack, carried out by criminal cyber group DarkSide, forced the company to shut down about 5,500 miles of pipeline, cutting off half of the fuel supply on the east coast of the country. Ransomware is malware that encrypts files on a device or network and renders the system inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing data.

The Department of Energy leads the federal government’s response in coordination with the FBI, the Department of Homeland Security, and the Department of Defense. A FireEye Mandiant spokeswoman confirmed to CNBC that the US cybersecurity company is working with Colonial Pipeline following the incident.

Biden said he has received regular information on the matter since the attack that struck the carotid artery of the American pipeline system. The president said his government had no information to support claims that Moscow directed the ransomware attack. He added that he would continue to discuss the situation with Russian President Vladimir Putin.

“So far there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. They have a certain responsibility to deal with it,” said Biden from the White House.

The Kremlin has previously denied claims that it launched cyberattacks against the United States.

On the previous Monday, White House national security officials described the attack as financially motivated. However, Biden administration officials would not say whether Colonial Pipeline would agree to pay the ransom.

“Usually this is a private sector decision,” Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.

“We recognize that cyber attack victims often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision about paying a ransom to them,” said Neuberger.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.

Colonial Pipeline did not immediately respond to CNBC’s request for comment.

On Monday before, the DarkSide group described its actions as “apolitical” in a Cybereason statement to CNBC.

“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” wrote the group.

“Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future,” added the statement.

Pentagon spokesman John Kirby said Monday that the Department of Defense is monitoring the country’s fuel supplies amid concerns that the Colonial Pipeline shutdown could lead to gasoline, diesel and jet fuel shortages. Kirby said there are currently no known shortages in the U.S. military.

Deputy National Security Advisor Elizabeth Sherwood-Randall told White House reporters that the government had forecast no fuel shortages.

Colonial Pipeline wrote in a statement Monday afternoon that it hopes to return service by the end of the week.

“Federal government measures to grant temporary duty relief to motorists and drivers transporting refined products across Colonial’s entire footprint should help alleviate local disruptions in supply, and we thank our government partners for their assistance in resolving this issue,” added the statement.

The attack on the Colonial Pipeline comes as the Biden administration is working to pass a $2.3 trillion infrastructure plan aimed at partially addressing America’s critical infrastructure vulnerabilities.

“Unfortunately, these types of attacks are becoming more common. They are here to stay. And we have to work with companies to secure networks to defend ourselves,” Commerce Secretary Gina Marie Raimondo told the CBS Sunday program “Face the Nation.”

“Right now it’s entirely manual work. And we’re working closely with the company, the state and local authorities to make sure they get back to normal operations as quickly as possible and that there are no disruptions on offer,” she said, adding that infrastructure investments are a top priority for management.

Pipeline Hit by Ransomware Hopes to Restart by End of Week

An oil and gas pipeline system that had to be shut down on Friday after a ransomware attack is not expected to be “substantially” restored until the end of the week, the operator Colonial Pipeline announced on Monday.

“As this situation continues to flow and evolve, the colonial operations team is executing a plan that includes an incremental process that will make it easier to get back up and running gradually,” said a statement posted on its website. “This plan is based on a number of factors, security and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”

The company said it monitored its customers’ shipments and worked with shippers to move fuel.

The sudden shutdown of 5,500 miles of pipeline, which the company claims represents nearly half of the east coast’s fuel supply, was a worrying sign of weaknesses in the country’s energy infrastructure. The shutdown had raised concerns about fueling much of the pipeline across the country. As a result, gasoline futures prices had risen on Monday, and analysts said a longer shutdown could push them up even further – which could potentially impact the prices consumers pay for gasoline at the pump. Experts said several airports that depend on the pipeline for jet fuel, including those in Nashville, Baltimore-Washington, and Charlotte and Raleigh-Durham, NC, could have a tough time later in the week. Airports usually store enough jet fuel for three to five days of operation.

This is a developing story. Check back for updates.


Ransomware attack forces shutdown of largest gas pipeline in the U.S.


The operator of the country’s largest fuel pipeline, the Colonial Pipeline, fell victim to a cybersecurity attack involving ransomware on Friday, forcing the company to temporarily suspend all pipeline operations, the company said in a statement on Saturday.

The company hired an outside cybersecurity firm to investigate the incident and reached out to law enforcement and other federal agencies. The cyber attack also affected some of its IT systems.

The Colonial Pipeline, which carries nearly half of the east coast’s fuel supplies, said it was “taking steps to understand and solve this problem.”

“Right now, our main focus is on the safe and efficient restoration of our service and our efforts to get back to normal operations,” said a company statement.

“This process is already underway and we are working diligently to address this issue and minimize disruption for our customers and those who depend on Colonial Pipeline,” the company said.

Colonial operates the largest refined product pipeline in the United States, according to its website, shipping 2.5 million barrels a day. Refined products include gas, diesel, heating oil, and jet fuel. The pipeline also supplies the US military.

Colonial’s system spans more than 5,500 miles between Texas and New Jersey, connecting refineries on the Gulf Coast to more than 50 million people in the southern and eastern United States, the company said.

The Federal Energy Regulatory Commission, which oversees interstate pipelines, said it was aware of the cyberattack and is monitoring the situation.

“We are aware that it appears to be a serious cyber attack on the Colonial Pipeline system,” said chairman Richard Glick in a statement to CNBC. “FERC is in communication with other federal agencies and we are working closely with them to monitor developments.”

President Joe Biden was also briefed on the incident on Saturday morning, according to a White House spokesman.

“The federal government is actively working to evaluate the impact of this incident, avoid supply disruptions and help the company to restore pipeline operations as soon as possible,” the spokesman said.

The Biden administration announced a 100-day plan in April to protect the country’s electrical systems supply chain from cyberattacks amid growing concerns over the vulnerability of U.S. power supplies to cyber threats.

A US Department of Energy spokesman said the department is coordinating with Colonial Pipeline, the energy sector, states and interagency partners to support the response effort.

“DOE also works closely with the coordination councils of the energy sector and the centers for the exchange and analysis of energy information and monitors possible effects on the energy supply,” the spokesman told CNBC.

Andy Lipow, president of Lipow Oil Associates, based in Texas, said an outage lasting a day or two would cause some minor inconvenience, with greater impact after four to five days of shutdown.

There could also be sporadic outages if a particular terminal was depending on a delivery today or tomorrow that is now delayed, said Lipow.

“Unlike the February frost or the hurricane, refineries are still operating, converting crude oil into gasoline, jet and diesel. They just can’t get it to the terminals,” said Lipow. “Prolonged Colonial Pipeline downtime will force refineries to lower their operating rates as refinery stocks fill up.”

“While they may not be able to ship it to Colonial, the refineries will certainly continue to ship to the Midwestern markets,” said Lipow.

John Kilduff, a partner at Again Capital in New York, said that if the outage persists, gasoline, diesel, and jet fuel shortages will quickly emerge in the United States.

“It appears that it was more of a ransomware attack than a state actor, but it shows the significant security flaw across the industry,” said Kilduff. “If there is no resumption of operations or at least no clarity about a resumption by tomorrow evening, gasoline prices will skyrocket on Sunday evening.”

Eric Goldstein, assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency, said the agency is working with Colonial Pipeline and interagency partners.

“This underscores the threat ransomware poses to businesses regardless of size or industry,” Goldstein said.

Colonial Pipeline is privately owned by five companies: CDPQ Colonial Partners, IFM (US) Colonial Pipeline 2, KKR-Keats Pipeline Investors, Koch Capital Investments Company, and Shell Midstream Operating.