Free Republic
Browse · Search
General/Chat
Topics · Post Article


Colonial Pipeline restarts operations after ransomware attack; will move as much fuel as possible until markets return to normal.
Engadget ^ | 13 May 2021 | Mariella Moon

Posted on 05/13/2021 5:10:35 AM PDT by Spktyr

Colonial Pipeline will soon resume its normal operations after being forced to shut down due to a ransomware attack. The company has announced that it has initiated its return to service at 5PM Eastern time on May 12th. Since it will take some time to deliver gasoline and diesel to all the areas it serves, some locations may continue suffering from fuel shortage. Colonial promises to "move as much gasoline, diesel, and jet fuel as is safely possible," though, "until markets return to normal."

The pipeline company was targeted by the DarkSide ransomware group, which demanded nearly $5 million in bitcoin. Colonial is a major source of fuel for the East Coast, and the situation triggered fuel shortages. It didn't say whether it's now able to resume fuel shipments because it paid up, but according to CNN, Colonial was able to retrieve its most important data without payment changing hands. The company reportedly worked with US agencies to take a key server offline to disrupt the cyberattack, allowing it to restore its system from backups.

CNN says Colonial paused its operations, because its billing system was compromised in the attack. It had to fix the system first before it could restart its business, and that took some time to accomplish. Colonial didn't confirm whether that truly was the case and whether it paid anything to the attackers.

CISA and the FBI confirmed that DarkSide was used as a "ransomware-as-a-service" to attack the pipeline company. In "ransomware-as-a-service" arrangements, the ransomware's developers get a piece of whatever the affiliates (the actual cyberattackers) get. A CNN source said the affiliate in this attack was likely Russian. DarkSide previously said, however, that it's apolitical and that all it wanted was to "make money."


TOPICS:
KEYWORDS: cia; fuel; pipeline
To: mdmathis6

Shutting down to inspect for a common vulnerability was prudent. But if they were truly down for a week because some green visor type was worried about getting paid I’m with you.


21 posted on 05/13/2021 6:15:44 AM PDT by 3RIVRS
[ Post Reply | Private Reply | To 19 | View Replies]

To: cymbeline; All

So instead of having secondary billing metric systems that can kick in, they shut the machinery down for fear they would get paid? At a cost of 100’s of billions to the GDP and causing much fear and anxiety?

Yes I think the deep state is a danger and they’ll probably see this mishap as some sort of opportunity but I think we have to fault the greed and the foolishness of those running the systems at Colonial on this one. I smell stupid millennial thinking at work. (“Oh we won’t be able to account for continuous flow rates for billing, no no using intake/output secondary records from the terminals later won’t work, it will take weeks to tabulate...oh I know let’s shut the machines all down...that’s right... turn all the pipes off till the billing software comes back up again!!...whewww!... time for my espresso latte with butterscotch!!”)


22 posted on 05/13/2021 6:16:11 AM PDT by mdmathis6
[ Post Reply | Private Reply | To 16 | View Replies]

To: mdmathis6; cymbeline; All

meant to say “wouldn’t get paid”...sorry!


23 posted on 05/13/2021 6:17:50 AM PDT by mdmathis6
[ Post Reply | Private Reply | To 22 | View Replies]

To: Travis McGee

“You do not connect anything that has access to SCADA, that is, control systems, to the Internet. Period. I don’t care how. I don’t care why. I don’t care what. You don’t do it. End of discussion.”

Amen!


24 posted on 05/13/2021 6:25:09 AM PDT by Bill of Rights FIRST (If you understand, no explanation is needed; if you don't understand, no explanation is possible.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: oblomov

“Correct- the only thing the hackers took was customer and internal financial data.”

Thanks for the confirmation as I heard it only from a co-worker. Did you see it in the news?

Bad news when our economy starts shutting down quickly because of an “administrative error”. Fuel is a utility as surely as electricity. More government regulation needed to assure uninterrupted delivery? I hate to say that.


25 posted on 05/13/2021 6:28:32 AM PDT by cymbeline
[ Post Reply | Private Reply | To 18 | View Replies]

To: cymbeline

Just read an AP article about the pipeline problem. No mention of it being a billing problem. Strange.


26 posted on 05/13/2021 6:38:20 AM PDT by cymbeline
[ Post Reply | Private Reply | To 25 | View Replies]

To: Spktyr
Colonial didn't confirm whether that truly was the case and whether it paid anything to the attackers.

News sucks. The MSM reports I heard on the radio said they stated they did NOT pay. And when they say "started" I'm sure it's a "trickle" to stave off the hoarders. The government lies to America every day. Just like the whole mask BS.

27 posted on 05/13/2021 6:40:46 AM PDT by 1Old Pro
[ Post Reply | Private Reply | To 1 | View Replies]

To: Spktyr

Did they pay the ransom and just who got the money?


28 posted on 05/13/2021 7:00:04 AM PDT by Ruy Dias de Bivar ((Democrats have declared us to be THE OBSOLETE MAN in the Twilight Zone.))
[ Post Reply | Private Reply | To 1 | View Replies]

To: CodeToad

“That article was written by an illiterate who does not know the Internet, SCADA, or much of anything. Who the Hell uses black on gray for text except kids?
All utilities are Internet connected and do just fine.”

I defer to your subject matter knowledge.

“Do not take this incident at liberal media face value, that somehow a ransomware attack took out an entire network.”

If the FBI said the sky was blue, I would not believe them.


29 posted on 05/13/2021 7:27:36 AM PDT by Travis McGee (EnemiesForeignAndDomestic.com)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Spktyr
did they pay the ransom???
30 posted on 05/13/2021 7:27:53 AM PDT by Chode (there is no fall back position, there is no rally point, there is no LZ... we're on our own. P144:1)
[ Post Reply | Private Reply | To 1 | View Replies]

To: entropy12

Notice how fast the gas lines are going???? One thing the Biden administration doesn’t want is panic and gas lines..Did the company pay the ransom????


31 posted on 05/13/2021 7:37:58 AM PDT by Hambone 1934 (Dems love playing Nazis.....The republicans love helping them)
[ Post Reply | Private Reply | To 8 | View Replies]

To: mdmathis6; All

Restoration of a huge, complex network like this, without the restoration leading to repeat crashes, major damaged equipment, a possible major spill or spills, etc., is no small task. This is NOT some simple large pipe with a few pumps running and storage tanks on each end. Once the threat to the OP network is guaranteed to be eliminated (or risk same problems listed above) then restart can begin, but it takes time to get it all running reasonably smoothly. Don’t believe me — ask someone in the biz.

The IT network in this case is the gateway to the OP network, which is where the real threat of major damage exists. The billing issue is relatively minor, as all billings could be restored from backups. Major physical damage to the system is a different matter. (This is not dissimilar to a power grid OT hack leading to blown transformers and such. Try restoring such things in quantity from “backup”...)

Additionally, but secondary, please realize that being down system-wide for any length of time (a day or more?) would be far more costly than the problem of restoring billings.

However, the mention of the billing system has provided another gateway: For anti free enterprise and capitalism types to attack! “Fossil fuel business bad”, therefore “government should control this evil and (implied) work to eliminate.”

A revision of “industry standard practice” guidelines and industry self-policing (in their own interest!) should suffice.

It is truly saddening to watch so many FReepers fall into the first stage of this socialist trap.


32 posted on 05/13/2021 8:37:53 AM PDT by Paul R. (You know your pullets are dumb if they don't recognize a half Whopper as food!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Paul R.

The news reports say it was the billing software not the machine controls. Nothing was damaged as to the pipeline controls. They couldn’t document what was coming thru in a way to capture for billing. If the machinery computers had been disrupted they wouldn’t have been able to shut the pipelines down or bring them back up as easily as they have. While I’ll concede it may have been prudent to check the command and control software, this was not a ‘stuxnet’ event and that should have been evident within a few hours.

Not against responsible business practices or capitalism. Just against a thought process on some folks in “lifeline of a nation” kind of businesses that have no appreciation of the scope of damage to the nation that occurs when they don’t manage these types of businesses properly. Now we’ll have reactionary liberal congress members calling for nationalization and government controls of “these vital pipelines”...you watch, they’ll call for it. Imagine the Amtrak version of fuel supply pipeline management.


33 posted on 05/13/2021 8:59:14 AM PDT by mdmathis6
[ Post Reply | Private Reply | To 32 | View Replies]

To: 3RIVRS

What happened to the old CSM

Retired big time in France?


34 posted on 05/13/2021 9:08:52 AM PDT by Vaduz (women and children to be impacIQ of chimpsted the most.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Travis McGee; CodeToad
File under "things that make you go 'Hmmmm!'".

Firstly, I had to refresh my memory on Karl Denninger -- he's one of the founders of the Tea Party movement back in 2009. Hard-core Libertarian. Quite obviously has strong opinions about... things. Including black on gray for text. $;-)

Before I start, please bear in mind that I'm a coder and not a network security expert, nor do I play one on TV. That said...

Denninger's right in his pie-in-the-sky proposal of doing things. But in this imperfect world, just about every damned thing is connected to the net in some way, and just about everything has a USB port, so what he says is the only way to go is rare out in the actual wild. When breaches can occur from a web-enabled 'smart fridge' that no one even knew about much less knew was active and on, it's that vine you don't see that trips you up. Yes, this sort of thing could be detected with scheduled device scan and verification on one's LAN. If everyone does their jobs without fail. Ergo, 100% leakproof is a tough one, although it can and is done. We only hear about the failures, though, so there's that.

That bit about 1,000,000 gallons of GASOLINE leaking out over an 8-month span... that's an odd story. I am not familiar with this locale, but damn, that much GAS (not oil, but gasoline) leaking into the waterways over that long a time would have been noticed by more than just a couple of kids on ATVs. And if there was such a thing happening, I'm sure the EPA would be all over that place like white on rice. They're our heroes, after all, and they're always looking to validate next year's budget. So there's a lot of unanswered questions on that.

Going off into conspiracy-land a bit, maybe there was a hack and there is a leak and the hack is what caused it, many moons ago. Finally the 'Darkside'rs want a big payoff, with consequences too big to ignore. That might embarrass a lot of influential people, so it's been kept hush until now. Who knows? Chances are good we'll never know who did what and what actually happened.

My $0.02 (before taxes).

35 posted on 05/13/2021 9:24:09 AM PDT by Joe Brower ("Might we not live in a nobler dream than this?" -- John Ruskin)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Ruy Dias de Bivar; Chode

No idea, the article has all the info I currently have.


36 posted on 05/13/2021 1:08:51 PM PDT by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: 3RIVRS

If it’s like many old-line companies, the cybersecurity manager probably was screaming to be allowed to perform needed changes and updates or buy new equipment, got told no by the leadership all the way through the board level and quit in disgust in order to avoid having his or her name attached to the inevitable disaster they weren’t actually responsible for.


37 posted on 05/13/2021 1:18:38 PM PDT by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Travis McGee

No, I disagree. They should have had the SCADA gear protected by a good VPN with limited access at best, through the control center, and the gear itself should have been on an actual private network. Completely air-gapping the system means that a decapitation event is possible and then you lose everything. Think 9/11.

Basically, the same level of security used by large consumer lending banks would have prevented this problem.


38 posted on 05/13/2021 1:25:10 PM PDT by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: mdmathis6

The pipeline control gear is fail-safe (one of the few things the Feds got right about their IT regulations in the industry) - if the upstream control computers go offline or even the local control computer goes offline, the rest of the control circuitry will shut down flow. If it was just the billing software, they would have been able to get it under control in a day or so.


39 posted on 05/13/2021 1:29:32 PM PDT by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: dljordan

Probably being very, very quiet because chances are good that ingress may have been made using the ‘escaped’ NSA intrusion toolkit.


40 posted on 05/13/2021 1:30:49 PM PDT by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 11 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson