close
  • Ar chevron_right

    Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

    news.movim.eu / ArsTechnica · Saturday, 15 May, 2021 - 10:00

Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning

Enlarge (credit: Sean Rayford | Getty Images)

Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast , reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night , the decision to give in to hackers' demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don't have the backups and other infrastructure necessary to recover otherwise, can't or don't want to take the time to recover on their own, or decide that it's cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims' financials before springing their traps , allowing them to set the highest possible price that their victims can still potentially afford.

Read 11 remaining paragraphs | Comments

index?i=lWQwpmFeF6c:iVko6v6MAzM:V_sGLiPBpWUindex?i=lWQwpmFeF6c:iVko6v6MAzM:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Pipeline attacker Darkside suddenly goes dark—here’s what we know

    news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 21:25

Pipeline attacker Darkside suddenly goes dark—here’s what we know

Enlarge

Darkside—the ransomware group that disrupted gasoline distribution across a wide swath of the US this week—has gone dark, leaving it unclear if the group is ceasing, suspending, or altering its operations or is simply orchestrating an exit scam.

On Thursday, all eight of the dark web sites Darkside used to communicate with the public went down , and they remain down as of publication time. Overnight, a post attributed to Darkside claimed, without providing any evidence, that the group’s website and content distribution infrastructure had been seized by law enforcement, along with the cryptocurrency it had received from victims.

The dog ate our funds

“At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked,” the post stated, according to a translation of the Russian-language post published Friday by security firm Intel471. “The hosting support service doesn't provide any information except ‘at the request of law enforcement authorities.’ In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.”

Read 17 remaining paragraphs | Comments

index?i=6YpXlRdG56U:efbIqwr7pNQ:V_sGLiPBpWUindex?i=6YpXlRdG56U:efbIqwr7pNQ:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Colonial Pipeline resumes operations after ransomware prompted closure

    news.movim.eu / ArsTechnica · Thursday, 13 May, 2021 - 00:21

A paper sign reading no gas in both English and Spanish has been taped to a gasoline pump.

Enlarge (credit: Getty Images )

Colonial Pipeline said it restarted operations on Wednesday afternoon after a five-day outage brought on by a ransomware attack caused gasoline shortages and panic buying in East Coast states.

colonial-pipeline-300x233.png

“Following this restart, it will take several days for the product delivery supply chain to return to normal,” the operator of the 5,500-mile pipeline said on its website. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”

Colonial temporarily halted operations on Saturday, after determining that it was the victim of a ransomware attack. The pipeline runs through 11 states, from New Jersey to Texas.

Read 5 remaining paragraphs | Comments

index?i=GQ-GchMavXk:rMMhCD_ltyI:V_sGLiPBpWUindex?i=GQ-GchMavXk:rMMhCD_ltyI:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Major ransomware attack cripples gas pipeline on US East Coast

    news.movim.eu / ArsTechnica · Monday, 10 May, 2021 - 16:56

Problems with Colonial Pipeline

Enlarge / Problems with Colonial Pipeline's distribution system tend to lead to gasoline runs and price increases across the US Southeast and Eastern seaboard. In this September 2016 photo, a man prepared to refuel his vehicle after a Colonial leak in Alabama. (credit: Luke Sharrett via Getty Images )

On Friday, Colonial Pipeline took many of its systems offline in the wake of a ransomware attack. With systems offline to contain the threat, the company's pipeline system is inoperative. The system delivers approximately 45% of the East Coast's petroleum products, including gasoline, diesel fuel, and jet fuel.

Colonial Pipeline issued a statement Sunday saying that the US Department of Energy is leading the US federal government response to the attack. "[L]eading, third-party cybersecurity experts" engaged by Colonial Pipeline itself are also on the case. The company's four main pipelines are still down, but it has begun restoring service to smaller lateral lines between terminals and delivery points as it determines how to safely restart its systems and restore full functionality.

Colonial Pipeline has not publicly said what was demanded of it or how the demand was made.

Read 10 remaining paragraphs | Comments

index?i=NLal65JYMbY:bPaSK7n0y70:V_sGLiPBpWUindex?i=NLal65JYMbY:bPaSK7n0y70:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA