A Cybercriminal

Colonial Pipeline Cyberattack: Hackers say their aim is cash, not chaos for society

*Though they did not directly mention the cyberattack on the US Colonial Pipeline, the DarkSide hacking group says ‘about the latest news … our goal is to make money, and not creating problems for society’

*Colonial Pipeline Company says it continues to make progress to return the system to service, and deliver existing inventories to markets along the pipeline’s route as gas stations in several Southeastern states reportedly have run out of gas

Gbenga Kayode | ConsumerConnect

Following the recent extraordinary disruption to the gasoline pipeline facility in the United States (US), DarkSide, the ransomware gang accused of crippling the leading US fuel pipeline operator, said on Monday, May 10, that it never meant to create havoc.

It was gathered, however, that experts saw this unusual statement by the hacking gang as a sign that the cybercriminals’ scheme had gone awry.

Earlier, the country’s Federal Bureau of Investigation (FBI) had accused the group that calls itself ‘DarkSide’ of a digital extortion attempt that prompted Colonial Pipeline to shut down its network, threatening extraordinary disruption as Colonial works to get America’s biggest gasoline pipeline back online by the end of the week.

ConsumerConnect reports that following the attack on the gasoline pipeline facility, in just over two hours, a reported 100 gigabytes of data was exfiltrated and locked down from the Colonial Pipeline IT network, leaving the company without the ability to operate key systems that transport fuel.

The result, said the US Department of Transportation (DOT), was the introduction of the Declaration, which “addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief,” the report said.

The purported hackers behind the Colonial Pipeline attack are believed to be based in former Soviet states, and came to prominence in 2020, when they published a press release announcing their formation in cyberspace.

However, they claim a longer lineage than just 2020.

Their statement said: “We are a new product on the market. But that does not mean we have no experience and we came from nowhere.”

However much their experience, the severity of the chaos they’ve wrought through their hack seems to have taken them aback.

In a turn of events regarding the latest cyberattack on the Colonial Pipeline, however, a terse news release posted to DarkSide’s Web site did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society,” an agency report said.

The statement, the report noted, did not say how much money the hackers were seeking. Colonial Pipeline did not offer any comment on the hackers’ statement, and US officials have said they have not been involved in ransom negotiations in this regard. The hackers did not respond to Reuters’ requests for comment.

The FBI, Department of Energy and White House have all been involved in a rapid response to the hack, and a server used by the gang was shut down over the weekend.

A source familiar with the matter was quoted Monday as saying that the server held Colonial data and also files stolen in other DarkSide ransomware operations in progress, and that some of the group’s other victims were in the process of being notified.

The FBI office in San Francisco, which had already been investigating DarkSide, was now involved in the law enforcement probe into the Colonial attack along with the FBI in Atlanta, near where the pipeline company is based, the report stated.

DarkSide’s statement went on to say that its hackers would launch checks on fellow cybercriminals “to avoid consequences in the future.”

It added the group was “apolitical” and that observers “do not need to tie us” with any particular government.

The statement, which had several spelling and grammatical errors, appeared geared toward lowering the political temperature around one of the most disruptive digital extortion schemes ever reported.

ConsumerConnect had reported that gasoline retail prices have already risen six cents in the latest week – potentially putting them on course for the highest level since 2014.

The largest US refinery – Motiva Enterprises LLC’s 607,000 barrel-per-day (bpd) Port Arthur, Texas, refinery – also shut two crude distillation units on Sunday, May 9, because of the outage at Colonial, the report said, quoting sources familiar with the matter.

Vehicles at a gas station in the US   Photo: Getty Images

In view of this development in the US, some security experts said the DarkSide hackers were then trying to put some distance between themselves and the chaos they had unleashed on the Colonial Pipeline, the authorities and fuel consumers in the country.

“This isn’t the first time a threat group has gotten in over their heads,” said Lior Div, the co-founder and chief executive of Boston-based security company Cybereason.

Div stated that ransomware groups like DarkSide depended on being able to squeeze their victims discreetly, without attracting too much law enforcement scrutiny.

He also noted: “The global backlash is hurting their business. It is the only reason they are offering a mea culpa.”

US President Joe Biden Monday told reporters that there is evidence that the DarkSide group operates out of Russia.

President Biden said that while there was “so far” no evidence that the Russian government was involved, “they have some responsibility to deal with this.”

Meanwhile, a US official said investigators were still working out the nuances of whether and to what degree the alleged Russian indifference to the cybercriminals was deliberate.

Tackling the steady drumbeat of ransomware incidents taking American businesses hostage is said to have ranked high on the Biden administration’s list of priorities.

A senior official with the US Department of Homeland Security’s cyber arm, CISA, said that the dramatic pipeline company hack should serve as a wakeup call well beyond the energy industry.

Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, stated: “All organisations should really sit up and take notice and make urgent investments to make sure that they’re protecting their networks against these threats.

“This time it was a large pipeline company, tomorrow it could be a different company and a different sector. These actors don’t discriminate.”

Gas stations in several Southeastern states have run out of gas

As the Colonial Pipeline shutdown stretches into a fifth day, gas stations all along the East Coast are running out of fuel as panicked motorists form long lines. Prices are also moving higher, according to a report.

It was gathered that the AAA Fuel Gauge Survey showed the national average price of regular has risen to $3 a gallon for the first time in seven years, eight cents higher than a week ago.

In Georgia, one of the hardest-hit states, for instance, the average price has risen 18 cents a gallon in the last two days to $2.95 a gallon.

Although the Colonial Pipeline Company has said it expects to resume operations by the weekend, the interruption in supplies caused by a weekend cyberattack has already created a situation at gas stations not seen since the late 1970s in the United States, the report noted.

Patrick DeHaan, Head of Petroleum Analysis at GasBuddy, was busy on Twitter Tuesday night keeping a running count: 30% of gas stations in metro Atlanta were out of fuel; 29% of Charlotte-area stations were on empty; 31% of Raleigh gas stations had no fuel.

The pipeline, originating on the Texas Gulf Coast, carries millions of gallons of gasoline each day across Louisiana, Mississippi, Alabama, Georgia, South Carolina, North Carolina, Virginia, Maryland, New Jersey, and New York, with stops along the way to offload fuel.

Despite the cyberattack on the pipeline and the subsequent shutdown last weekend, company officials said the attack “did not penetrate vital systems, but the pipeline was shut down out of an abundance of caution.”

The Colonial Pipeline Company in a statement Tuesday, May 11, 2021, said it continues to make progress to return the system to service, with supplementary laterals operating manually to deliver existing inventories to markets along the pipeline’s route.

It stated: “Since our pipeline system was taken offline, working with our shippers, Colonial has delivered approximately 967,000 barrels to various delivery points along our system.

“This includes delivery into the following markets: Atlanta, Ga., Belton and Spartanburg, S.C., Charlotte and Greensboro, N.C., Baltimore, Md., and Woodbury and Linden N.J.”

Once operations resume, the company promises fuel will quickly begin flowing. It says it has taken delivery of 2 million barrels of gasoline from refineries that will begin moving through the pipeline as early as Friday.
