UPDATED 21:28 EDT / MAY 10 2021

SECURITY

As Colonial Pipeline scrambles to restore services, ransomware gang vows to be more careful

As Colonial Pipeline Co. scrambles to restore services after a ransomware attack forced it to shut down its fuel pipeline system, the story has taken a strange twist: The ransomware gang behind the attack is promising to be more careful in whom it targets in future attacks.

As reported yesterday, the attack on Colonial Pipeline, which carries more than 100 million gallons of gasoline, diesel, home heating fuel and jet fuel a day and links refineries in Texas to New York via the East Coast, was first detected on Friday. The company was forced to take its systems offline, although as of an updated statement today, some smaller lines have been restored.

The group behind the attack was suspected to be the DarkSide ransomware group, and this has now been confirmed by the U.S. Federal Bureau of Investigation. Despite some reports claiming the group is new, it first emerged in August and was linked to the GandCrab and Sodinokibi groups at the time.

DarkSide first gained widespread attention when it started making charitable donations using funds it had extorted from various businesses in October. The group also said at the time that it would not encrypt files belonging to hospitals, schools, universities, nonprofits and the government sector.

That’s relevant because it appears DarkSide partly regrets targeting Colonial Pipeline. In a press release — apparently ransomware gangs now do press releases — DarkSide addressed rumors that it was linked to Russia and also noted that it would be more careful in the future.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” the DarkSide press release stated, according to Bleeping Computer. “Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Colonial Pipeline aims to be substantially back online by the end of the week. If it stays offline longer, however, the “problems for society,” as DarkSide puts it, could include fuel shortages and increasing fuel prices in the U.S.

“Attacks against critical infrastructure continue to be a focus for nation-state actors and criminal groups that look to do lasting and impactful damage with their efforts,” Neal Dennis, threat intel specialist at cyberfusion solutions provider Cyware Labs Inc., told SiliconANGLE. “We should expect a similar output from this as with other recent ransomware attacks – pay the ransom, or the data gets dumped. Given the sensitive nature of the business, I would be very surprised if this data does not make its way out.”

Christine Gadsby, vice president of product security at intelligence security company BlackBerry Ltd., noted that whether it’s a gas pipeline or life-saving medical devices, securing critical embedded systems presents unique and complex challenges.

The reality, Gadsby explained, is that utility companies are more often investing in information technology to drive greater levels of convenience, which means security can come second. “On top of this, cybersecurity attacks have ramped up in volume and ferocity since the COVID-19 pandemic began a year ago,” she added.

The attack should serve as a wake-up call for securing critical embedded systems, Gadsby said. “The only way to keep the enemy out is to ensure you have good cyberhygiene practices in place, as well as cutting-edge cybersecurity solutions that can detect, protect and deter these sort of attacks in the future,” she said.
