The largest pipeline system for refined oil products in the US, the Colonial Pipeline, was shut down last week after a ransomware cyberattack. On May 12, the pipeline initiated the restart of operations but the attack highlights the risk of cyber-security threats against important energy infrastructures. It was later reported that Colonial Pipeline paid nearly $5 million as a ransom to hackers after the company fell victim to the cyberattack.
Marcin Zaborowski, policy director of the GLOBSEC Future of Security Program, told New Europe on May 13 that companies must assume that sooner or later they will become cyber-security targets. They must invest in the state-of-the art security programs, which must be constantly updated,” he said, arguing that the blockchain technology provides best protection against unwanted interference of third parties.
Andrey Yarnikh, head of strategic projects at Russia’s Kaspersky lab, told New Europe on May 14 currently, encryption ransomware programs are one of the most dangerous trends for the Internet. “Encryption mechanisms rarely give a chance of successful decryption, this is the case when it is much easier and cheaper to prevent infection than to correct the consequences of an attack that has already occurred,” Yarnikh said.
Colonial Pipeline had to shut it down on May 8 following a cyberattack which later the FBI confirmed that the Darkside ransomware was responsible for the compromise of the pipeline networks. “We continue to work with the company and our government partners on the investigation,” the FBI said in a statement.
Zaborowski explained that the Darkside operates like a business, which can be contracted to perform an attack on a selected services and demand ransom in exchange for decryption tools. “It’s highly effective and commercially minded,” he said.
The GLOBSEC expert said the payment risks encouraging other criminal groups to take US companies hostage by seizing control of their computers. “Of course, paying a ransom is sending a signal of encouragement to cyber criminals. We can expect more cyberattacks now,” Zaborowski said.
US President Joe Biden has said that Russia bears some responsibility for the Colonial Pipeline cyberattack, but stopped short of blaming the Kremlin. “They have some responsibility to deal with this,” Bloomberg quoted Biden as telling reporters at the White House on May 10, after announcing that “my administration will be pursuing a global effort of ransomware attacks”. He noted that efforts were underway with the FBI and DOJ – Department of Justice – to disrupt and prosecute ransomware criminals.
Earlier, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and global money laundering networks.
Zaborowski told New Europe the Darkside group emerged first at the Russian language forums and the Colonial Pipeline attack is believed to have originated from the Russian territory. “However, the involvement of the Russian government seems unlikely at the point in time,” the GLOBSEC expert said. “Naturally, infrastructures in Europe and in fact anywhere else in the world can became a potential target of the Darkside,” he added.
Yarnikh called for an international format for investigating ransomware cyberattacks. “In my opinion, we need an international format for investigating such incidents. not the accusatory bias of ‘probably and possibly’ but joint work – possibly at the UN level – to counter cross-border criminals,” he told New Europe.
“As a company, we participate and promote the non-profit initiative in every possible way https://www.nomoreransom.org/. So that the affected companies do not pay a ransom and have the opportunity to save their data for free. Unfortunately, this is not always possible… according to the attribution of cyberattacks, it is also impossible to draw unambiguous conclusions, criminals sell each other attack tools, use false traces and specifically leave false flags in order to direct researchers on a false trail,” Yarnikh said.
The Colonial Pipeline said on May 12 it will take several days for the product delivery supply chain to return to normal and pledged to move as much gasoline, diesel and jet fuel as is safely possible.
“Following this restart, it will take several days for the product delivery supply chain to return to normal,” the Georgia-based Colonial Pipeline Co said in a statement. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” the company added.
The cyberattack on the Colonial Pipeline, which is an important source of refined oil products in the US, is 5,500 miles long and can carry 3 million barrels of fuel per day between Texas and New York, caused gas price hikes as motorists feared fuel shortages. As Colonial Pipeline tried to restore most of its operations, lines of panic buyers formed at gas stations across the Southeastern United States.
Atlantic Council expert Cynthia Quarterman, which is a distinguished fellow at the Global Energy Center and former administrator of the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration, said any increase in gas prices “is likely to be mildly escalatory and short-lived.” But she added that the hack “exposes the soft underbelly of the nation’s critical energy infrastructure”. If a company like Colonial, which should have the resources for robust cyber defenses, could be “paralyzed,” Quarterman added, that means smaller companies are even more vulnerable to attack. “In that circumstance, an environmental, explosive, or economic catastrophe might not be averted.”
follow on twitter @energyinsider