English Wikipedia: Colonial Pipeline ransomware attack


On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline.[1][2][3] The Colonial Pipeline Company halted all pipeline operations to contain the attack.[4][5][6][7] Overseen by the FBI, the company paid the amount demanded by the hacker group (75 bitcoin or $4.4 million USD) within several hours;[8][9] upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool required a very long processing time to restore the system to a working state.[9]

The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open on May 9.[10] It was the largest cyberattack on an oil infrastructure target in the history of the United States.[11] The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.[12] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[13]

On June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins (about 84% of the original payment) from the ransom payment,[14] but due to a crash in the value of Bitcoin in late May,[15] the recovered bitcoins were worth only around $2.3 million USD,[14] roughly half of their original value.

This was one of the first high-profile corporate cyberattacks that started from a breached employee's personal password, likely found on the dark web, rather than from a direct attack on the company's systems.[16]

Background

The pipeline network managed by The Colonial Pipeline Company carries gasoline, diesel and jet fuel from Texas to as far away as New York. About 55% of all fuel consumed on the East Coast arrives via the pipeline system.[17] The attack came amid growing concerns over the vulnerability of infrastructure (including critical infrastructure) to cyberattacks after several high-profile attacks, including the 2020 SolarWinds hack that hit multiple federal government agencies, including the Defense, Treasury, State, and Homeland Security departments.[3][18]

Impact

[Image: Out-of-service gas pumps due to panic buying after the Colonial Pipeline cyberattack at the Wawa along Air and Space Museum Parkway in Oak Hill, Fairfax County, Virginia]
Panic buying caused widespread gasoline shortages
[Image: An out-of-service gas pump due to panic buying after the Colonial Pipeline cyberattack at the Sunoco gas station in the Franklin Farm Village Shopping Center in the Franklin Farm section of Oak Hill, Fairfax County, Virginia]
Some filling stations were without fuel for several days

The primary target of the attack was the company's billing infrastructure; the oil pumping systems themselves remained able to operate. According to CNN sources in the company, the inability to bill customers was the reason for halting pipeline operations.[19] Colonial Pipeline reported that it shut down the pipeline as a precaution, out of concern that the hackers might have obtained information allowing them to carry out further attacks on vulnerable parts of the pipeline. The day after the attack, Colonial could not yet confirm when the pipeline would resume normal functions.[4] The attackers also stole nearly 100 gigabytes of data and threatened to release it on the internet if the ransom was not paid.[13] It was reported that within hours of the attack the company paid a ransom of nearly 75 Bitcoins ($4.4 million USD) to the hackers in exchange for a decryption tool, which proved so slow that the company's business continuity planning tools were more effective in bringing back operational capacity.[20][21]

On May 9, Colonial stated they planned to substantially repair and restore the pipeline's operations by the end of the week.[22]

In response to fuel shortages at Charlotte Douglas International Airport caused by the pipeline shutdown, American Airlines changed flight schedules temporarily.[23] At least two flights (to Honolulu and London) had fuel stops or plane changes added to their schedules for a four-day period. The shortage also required Hartsfield–Jackson Atlanta International Airport to use other fuel suppliers, and there are at least five other airports directly serviced by the pipeline.[24]

Fuel shortages began to occur at filling stations amid panic buying as the pipeline shutdown entered its fourth day.[25][26] Alabama, Florida, Georgia, North Carolina, and South Carolina all reported shortages.[25] Areas from northern South Carolina to southern Virginia were hardest hit, with 71% of filling stations running out of fuel in Charlotte on May 11[27] and 87% of stations out in Washington, D.C., on May 14.[28] Average fuel prices rose to their highest since 2014, reaching more than $3 a gallon.[29]

Responses

U.S. President Joe Biden declared a state of emergency on May 9, 2021. In normal times there are limits on the amount of petroleum products that can be transported domestically by road, rail and other means within the U.S. mainland; with the declaration in place, these limits were temporarily suspended.[30]

On May 10, Georgia Governor Brian Kemp declared a state of emergency,[31] and temporarily waived collection of the state's taxes on motor fuels (diesel and gasoline).[32] In response to panic buying in the Southeast, U.S. Transportation Secretary Pete Buttigieg and U.S. Energy Secretary Jennifer Granholm on May 12 both cautioned against gasoline hoarding, reiterating that the United States was undergoing a "supply crunch" rather than a gas shortage.[33][34]

On May 12, the U.S. Consumer Product Safety Commission advised people to "not fill plastic bags with gasoline" or to use any containers not meant for fuel.[34]

Biden signed Executive Order 14028[35] on May 12, increasing software security standards for sales to the government, tightening detection and security on existing systems, improving information sharing and training, establishing a Cyber Safety Review Board, and improving incident response. The United States Department of Justice also convened a cybersecurity task force to increase prosecutions.[36]

The Department of State announced a reward of up to $10,000,000 for information leading to the arrest of DarkSide members.[37]

Perpetrators

DarkSide released a statement on May 9 that did not directly mention the attack, but claimed that "our goal is to make money, and not creating problems for society."[38][30]

Pipeline restart

The restart of pipeline operations began at 5 p.m. on May 12,[39] ending a six-day shutdown, although Colonial Pipeline Company warned that it could take several more days for service to return to normal. The pipeline company stated that several markets that are served by the pipeline may experience, or continue to experience, intermittent service interruptions during the restart. The company also stated that they would move as much gasoline, diesel and jet fuel as safely possible until markets return to normal.[40][41] All Colonial Pipeline systems and operations had returned to normal by May 15.[39] After the shutdown, the average national price of gasoline rose to the highest it had been in over six years, to about an average of US$3.04 a gallon on May 18. The price increase was more pronounced in the southern states, with prices rising between 9 and 16 cents in the Carolinas, Tennessee, Virginia, and Georgia. Around 10,600 gas stations were still without gas as of May 18.[42][43][44]

In a May 19, 2021, interview with The Wall Street Journal, Joseph Blount explained why he ultimately decided to pay a $4.4 million ransom to the hackers who breached the company's systems: "It was the right thing to do for the country." He also said, "I know that's a highly controversial decision."[45]

Investigations

Biden said on May 10 that although there was no evidence that the Russian government was responsible for the attack, there was evidence that the DarkSide group is based in Russia, and that Russian authorities therefore "have some responsibility to deal with this".[46][30] Independent cybersecurity researchers have also stated that the hacking group is Russian, because its malware avoids encrypting files on systems where the language is set to Russian.[30][47]

In the aftermath of the attack, it was revealed at a Senate Armed Services cyber subcommittee hearing that the Department of Homeland Security had not been alerted to the ransomware attack and that the Justice Department had not been told the ransom type or amount, prompting discussion about the numerous information silos in the government and the difficulty of sharing information between them.[48]

Blockchain analytics firm Elliptic published a bitcoin wallet report showing that $90 million in bitcoin ransom payments had been made to DarkSide or DarkSide affiliates over the preceding year, originating from 47 distinct wallets. According to a DarkTracer release listing 2226 victim organizations since May 2019, 99 organizations had been infected with the DarkSide malware, suggesting that approximately 47% of victims paid a ransom and that the average payment was $1.9 million. The DarkSide developer had received bitcoins worth $15.5 million (17%), with the remaining $74.7 million (83%) going to the various affiliates.[49][50]

Partial ransom recovery

[Document: DarkSide Bitcoin Seizure Warrant, June 7, 2021, N.D. Ca.]
Warrant authorizing the seizure of 63.7 BTC by the FBI.

The U.S. Department of Justice issued a press release on June 7, 2021, stating that it had seized 63.7 Bitcoins from the original ransom payment.[14] The value of the recovered Bitcoins was only $2.3 million, because the trading price of Bitcoin had fallen since the date of the ransom payment. Through possession of the private key of the ransom account, the FBI was able to retrieve the Bitcoin, though it did not disclose how it obtained the private key.[51][52]

References

  1. Template:Cite web
  2. Template:Cite web
  3. Template:Cite web
  4. Template:Cite web
  5. Template:Cite web
  6. Template:Cite web
  7. Template:Cite web
  8. Template:Cite web
  9. Template:Cite web
  10. Template:Cite web
  11. Template:Cite news
  12. Template:Cite web
  13. Template:Cite news
  14. Template:Cite web
  15. Template:Cite web
  16. Template:Cite news
  17. Template:Cite web
  18. Template:Cite news
  19. Template:Cite news
  20. Template:Cite web
  21. Template:Cite news
  22. Template:Cite web
  23. Template:Cite news
  24. Template:Cite news
  25. Template:Cite web
  26. Template:Cite news
  27. Template:Cite news
  28. Template:Cite news
  29. Template:Cite web
  30. Template:Cite news
  31. Template:Cite web
  32. Template:Cite news
  33. Template:Cite news
  34. Template:Cite web
  35. Executive Order on Improving the Nation's Cybersecurity (full text)
  36. Template:Cite web
  37. Template:Cite web
  38. Template:Cite news
  39. Template:Cite news
  40. Template:Cite web
  41. Template:Cite news
  42. Template:Cite news
  43. Template:Cite web
  44. Template:Cite web
  45. Template:Cite news
  46. Template:Cite news
  47. Template:Cite web
  48. Template:Cite web
  49. Template:Cite web
  50. Template:Cite web
  51. Template:Cite tweet
  52. Template:Cite news