Ransomware Temporarily Disrupted – But More Action is Required
By Hubert Yoshida, posted 05-18-2021 21:53
Colonial Pipeline, which supplies gasoline and jet fuel to the eastern United States, has resumed operation of the pipeline that was shut down by a ransomware attack on May 7. The shutdown created widespread fuel shortages and panic buying in major cities along the East Coast. Colonial Pipeline returned to operation on May 15, after reportedly paying 75 bitcoin, or about $5 million, to the hackers, according to Bloomberg. In earlier reports, the company said that it would not be paying the ransom. In actuality, Bloomberg reports that the company paid the hefty ransom in cryptocurrency within hours of the attack, due to the immense pressure on Colonial Pipeline to get gasoline and jet fuel flowing again to major cities along the East Coast. Although the official position of the U.S. Government is not to pay any ransom, a person familiar with the situation said U.S. government officials were aware that Colonial made the payment. Most industry executives believe that the extent of the impact on critical infrastructure left Colonial with no choice but to pay the ransom. The hack occurred on May 7, and Colonial shut down operations to ensure that the attack did not also expose the operational systems to damage or override. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe. Although the decryption tools were made available almost immediately, bringing the operation back online took careful planning, since the networks that control the distribution of the different types of fuel had to be restarted in a deliberate sequence. Even though the pipeline is now fully operational, it will take time to backfill the various distribution points.
The reaction to this attack may have been more than DarkSide expected. Normally, ransomware attacks are under-reported. However, because this one had such an immediate impact on the United States' critical infrastructure, President Biden signed an executive order on cybersecurity, citing the recent SolarWinds and Microsoft Exchange hacks in addition to the Colonial Pipeline attack.
The executive order is designed to "disrupt their (hackers') ability to operate", including through a new task force dedicated to prosecuting ransomware hackers. The intent is to increase training and funnel more resources into identifying hackers, while improving intelligence sharing and "links between criminal actors and nation-states." The task force will also target the ecosystem behind such criminals, with prosecutions, disruptions, and the curbing of services such as forums that advertise their services.
On May 14, Intel471.com observed numerous ransomware operators and cybercrime forums either claiming that their infrastructure had been taken offline, amending their rules, or abandoning ransomware altogether because of the large amount of negative attention directed their way over the past week. DarkSide, which has been named as the group responsible for the Colonial Pipeline incident, also passed an announcement to its affiliates claiming that a public portion of the group's infrastructure had been disrupted by an unspecified law enforcement agency. The group's name-and-shame blog, ransom collection website, and breach data content delivery network (CDN) were all allegedly seized, while funds from its cryptocurrency wallets were allegedly exfiltrated. In the meantime, the value of 75 bitcoin has declined from nearly $5 million to $3.3 million over the past week.
This disruption of ransomware is probably temporary, and it will return with even greater vigor in a short time. While law enforcement agencies can make it tougher to collect the rewards of ransomware, the real deterrent lies with each organization. It is up to organizations to implement cyber-security that is appropriate and proportionate. Encryption of sensitive data, multifactor authentication, object storage, backup, and maintenance updates are all good practices for preventing ransomware. The biggest attacks usually come through email, where employees are tricked into downloading malware. Recently, hackers have also gotten in through weaknesses or compromises in third-party software, as in the SolarWinds hack.
While ransomware attacks have largely been a monetary exposure, the Colonial Pipeline hack has exposed the greater danger of an operational attack that could cripple critical infrastructure and impact national security. Critical infrastructure is only as secure as its weakest link, and many of those links are in the private sector and span geopolitical boundaries. It requires all of us to ensure the cyber security of our systems.
#Hu'sPlace
#Blog
Comments
Chayan Sarkar, 05-04-2022 11:51: Thanks for sharing
Dipta Kundu, 04-27-2022 02:51: Nicely written
© Hitachi Vantara LLC 2023. All Rights Reserved.