The Colonial Pipeline, the United States’ largest pipeline system for refined oil products, was shut down last week after a ransomware cyberattack. The pipeline began operations again on May 12, but the attack shows the dangers of cyber-security threats to critical energy infrastructure. It was later claimed that Colonial Pipeline paid nearly $5 million in ransom to the hackers after being the target of the cyberattack.
On May 13, Marcin Zaborowski, policy director of the GLOBSEC Future of Security Program, told New Europe that businesses must expect to be cyber-security targets sooner or later. “They must invest in cutting-edge security programs that must be modified on a regular basis,” he said, claiming that blockchain technology offers the best defence against unauthorised third-party intrusion.
Andrey Yarnikh, head of strategic projects at Russia’s Kaspersky Lab, told New Europe on May 14 that encryption ransomware programs are currently one of the most dangerous trends for the Internet. “Encryption mechanisms rarely give a chance of successful decryption; this is the case when it is much easier and cheaper to prevent infection than to correct the consequences of an attack that has already occurred,” Yarnikh said.
Colonial Pipeline was forced to shut down on May 8 as a result of a cyberattack. The FBI later reported that the Darkside ransomware was to blame for the breach of the pipeline’s networks. In a statement, the FBI said, “We continue to work with the company and our government partners on the investigation.”
Darkside, according to Zaborowski, works like a company that can be hired to attack specific services and demand a ransom in return for decryption software. “It’s highly effective and commercially minded,” he said.
The payment, according to the GLOBSEC expert, risks allowing other criminal groups to hold US companies hostage by taking control of their computers. “Of course, paying a ransom is sending a signal of encouragement to cyber criminals. We can expect more cyberattacks now,” Zaborowski said.
US President Joe Biden has said that Russia bears some responsibility for the Colonial Pipeline cyberattack, but stopped short of blaming the Kremlin. “They have some responsibility to deal with this,” Bloomberg quoted Biden as telling reporters at the White House on May 10, after announcing that “my administration will be pursuing a global effort of ransomware attacks”. He noted that efforts were underway with the FBI and DOJ – Department of Justice – to disrupt and prosecute ransomware criminals.
Transnational offenders are most often the perpetrators of these crimes, according to Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger, and they often use global infrastructure and global money laundering networks.
Zaborowski told New Europe that the Darkside group first emerged on Russian-language forums and that the Colonial Pipeline attack is believed to have originated from Russian territory. “However, the involvement of the Russian government seems unlikely at this point in time,” the GLOBSEC expert said. “Naturally, infrastructures in Europe and in fact anywhere else in the world can become a potential target of the Darkside,” he added.
Yarnikh called for an international format for investigating ransomware cyberattacks. “In my opinion, we need an international format for investigating such incidents, not the accusatory bias of ‘probably and possibly’ but joint work – possibly at the UN level – to counter cross-border criminals,” he told New Europe.
“As a company, we participate in and promote the non-profit initiative https://www.nomoreransom.org/ in every possible way, so that the affected companies do not pay a ransom and have the opportunity to save their data for free. Unfortunately, this is not always possible… according to the attribution of cyberattacks, it is also impossible to draw unambiguous conclusions; criminals sell each other attack tools, use false traces and specifically leave false flags in order to direct researchers on a false trail,” Yarnikh said.
Colonial Pipeline said on May 12 that the product distribution supply chain would take several days to return to normal, but that it would move as much gasoline, diesel, and jet fuel as is safely possible.
“Following this restart, it will take several days for the product delivery supply chain to return to normal,” the Georgia-based Colonial Pipeline Co said in a statement. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” the company added.
The cyberattack on the Colonial Pipeline, a major source of refined oil products in the United States that is 5,500 miles long and capable of transporting 3 million barrels of fuel per day between Texas and New York, caused gas prices to rise as motorists worried about fuel shortages. Lines of panic buyers developed at gas stations throughout the Southeast as Colonial Pipeline attempted to restore much of its operations.
Atlantic Council expert Cynthia Quarterman, who is a distinguished fellow at the Global Energy Center and former administrator of the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration, said any increase in gas prices “is likely to be mildly escalatory and short-lived.” But she added that the hack “exposes the soft underbelly of the nation’s critical energy infrastructure”. If a company like Colonial, which should have the resources for robust cyber defenses, could be “paralyzed,” Quarterman added, that means smaller companies are even more vulnerable to attack. “In that circumstance, an environmental, explosive, or economic catastrophe might not be averted.”