US fuel pipeline 'paid hackers $5m in ransom'

BBC

14th May, 2021 05:40:52 PM

A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack.

Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US.

CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.

Colonial said on Thursday that it would not comment on the issue.

On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang.

Price impact

Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.

The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.

The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.

The average price per gallon hit $3.008 (£2.14) - the highest level seen since October 2014, according to the Automobile Association of America.

US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.

According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.

Toshiba cyber-attack

Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.

However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event.

It said it had put protective measures in place immediately after the attack.

In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.

Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia.

The news that Colonial Pipeline paid these criminals is a major blow to President Biden.

Only this week he signed a long-awaited executive order to beef up federal cyber-security and, in turn, make the US more secure from future attacks.

These efforts have, in the view of some in the cyber-security world, been completely undermined.

How can the Biden administration encourage corporations to spend millions securing their computer networks from attack when they've just witnessed Colonial, under the glare of the public eye, cave in to criminal demands and pay their way out of trouble?

The news will swell the ranks of those in the security world who want ransomware payments banned.

But with companies, jobs and sometimes lives put at risk when ransomware hits, it is a tough call for policymakers.

The potential silver lining in this case comes from reports that even after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves.

The DarkSide hacker crew can no longer claim that they can restore victims' services quickly, and this may make others question whether or not to give in to their demands.
