Cyberattack on pipeline a wake-up call

NEW YORK－A cyberextortion attempt that has forced the shutdown of a vital pipeline in the United States was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two sources said on Sunday.

The multiday shutdown has sparked an "all-hands-on-deck "effort to avoid further disruptions in fuel supply, US Commerce Secretary Gina Raimondo said on Sunday.

Experts said that gasoline prices are unlikely to be affected if the pipeline is back to normal in the next few days but that the incident－the worst cyberattack to date on critical US infrastructure－should serve as a wake-up call to companies about the vulnerabilities they face.

The pipeline, operated by Georgia-based Colonial Pipeline, carries gasoline and other fuel from Texas to the US Northeast. It delivers roughly 45 percent of the fuel consumed on the East Coast, according to the company.

It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data, paralyzing networks, and then demand a large ransom to unscramble it.

On Sunday, Colonial Pipeline said it was actively in the process of restoring some of its IT systems. It says it remains in contact with law enforcement and other federal agencies, including the US Department of Energy, which is leading the federal response. The company has not said what was demanded or who made the demand.

However, two people close to the investigation identified the culprit as DarkSide. It is among ransomware gangs that have "professionalized" an industry that has cost many nations tens of billions of dollars in losses in the past three years.

DarkSide claims that it does not attack hospitals and nursing homes, educational or government targets and that it donates a portion of its take to charity.

Colonial did not say whether it has paid or was negotiating a ransom, and DarkSide said nothing about the attack on its site.

On Sunday, Colonial Pipeline said it is developing a "system restart" plan. It said its main pipeline remains offline but some smaller lines are now operational.

Raimondo said on Sunday that the attacks are "what businesses now have to worry about", and that she will work "very vigorously "with the Department of Homeland Security to address the problem.

She said US President Joe Biden was briefed on the attack, adding: "It's an all-hands-on-deck effort right now."

Vulnerable companies

Security experts said the attack should be a warning for operators of critical infrastructure－including electrical and water utilities and energy and transportation companies－that not investing in updating their security puts them at risk of catastrophe.

Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated only by profit.

"For companies vulnerable to ransomware, it's a bad sign because they are probably more vulnerable to more serious attacks," he said.

David Kennedy, founder and senior principal security consultant at TrustedSec, said that once a ransomware attack is discovered, companies have little recourse but to completely rebuild their infrastructure, or pay the ransom.

Colonial transports gasoline, diesel, jet fuel and home heating oil from refineries on the Gulf Coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 8,850 kilometers, transporting more than 380 million liters a day.

Agencies Via Xinhua