Date: 2021-05-10

NEW YORK (AP) The shutdown of a vital U.S. pipeline due to a ransomware attack spanned a third day on Sunday, with the Biden administration saying a general effort was underway to restore operations and avoid gasoline supply interruptions.

Experts said gas prices are unlikely to be affected if normal operations resume in the coming days, but the incident, the worst cyberattack to date on critical US infrastructure, should serve as a warning to companies about the vulnerabilities they face.

The pipeline, operated by Georgia-based Colonial Pipeline, transports gasoline and other fuels from Texas to the northeast. It provides about 45% of the fuel consumed on the East Coast, according to the company.

Ransomware attacks are usually carried out by hackers who lock down computer systems by encrypting the data and then demand a large ransom to free it. Colonial Pipeline did not say what was requested or who requested it.

However, a person familiar with the investigation who spoke on condition of anonymity identified the responsible ransomware gang as DarkSide. It has been active since August and, typical of the most powerful ransomware gangs, it is known to avoid targeting organizations in countries of the former Soviet bloc.

DarkSide is one of the ransomware gangs that have professionalized a criminal industry that has cost Western countries tens of billions of dollars in losses over the past three years.

It tries to promote a Robin Hood image, claiming that it does not attack medical, educational or government targets, only large corporations, and that it donates a portion of its take to charity.

Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks are what businesses now need to be concerned about and that she will work very vigorously with the Department of Homeland Security to resolve the issue, calling it a top priority for the administration.

"Unfortunately, these types of attacks are becoming more common," she told CBS's "Face the Nation." "We need to work in partnership with businesses to secure networks in order to defend against these attacks."

The shutdown, meanwhile, continued into its third day, with the Biden administration easing regulations on the transport of petroleum products on highways as part of a general effort to avoid disruptions in the fuel supply.

She said President Joe Biden had been briefed on the attack.

"It’s an all-terrain effort on the bridge right now," Raimondo said. "And we are working closely with the company, national and local authorities to ensure that they return to normal operations as quickly as possible and that there are no disruptions in supply."

The Ministry of Transport issued a regional emergency declaration on Sunday, easing hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia. This allows them to work overtime or more flexible hours to compensate for any fuel shortages related to the pipeline failure.

The person familiar with the Colonial Pipeline investigation said that before activating the ransomware, the attackers stole data, likely to be used for extortion. Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, as some victims are reluctant to have their sensitive information dumped online.

Colonial did not say whether it paid or negotiated a ransom, and DarkSide did not announce the attack on its dark web site or respond to questions from Associated Press reporters. Such a lack of acknowledgment usually indicates that a victim is negotiating or has paid.

FILE – In this file photo from September 20, 2016, vehicles are seen near the Colonial Pipeline in Helena, Alabama. A major pipeline that transports fuels along the East Coast says it had to shut down because it was the victim of a cyber attack. Colonial Pipeline said in a statement Friday evening that it had taken some systems offline to contain the threat, which temporarily halted all pipeline operations and affected some of our IT systems. (AP Photo / Brynn Anderson, file)

The security expert said the attack should be a warning to operators of critical infrastructure, including electricity and water utilities and energy and transport companies, that not investing in maintaining their security puts them at risk of disaster.

Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated solely by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.

"For businesses vulnerable to ransomware, this is a bad sign as they are likely more vulnerable to more serious attacks," he said. Russian cyber warriors, for example, crippled the electricity grid in Ukraine during the winters of 2015 and 2016.

Cyberextortion attempts in the United States have become a death-by-a-thousand-cuts phenomenon over the past year, with attacks on hospitals causing delays in cancer treatment, disrupting education and crippling police and city governments.

Tulsa, Oklahoma, this week became the 32nd state or local government in the United States to be attacked by ransomware, said Brett Callow, threat analyst at cybersecurity firm Emsisoft.

The average ransom paid in the United States nearly tripled to over $310,000 last year. The average downtime for victims of ransomware attacks is 21 days, according to Coveware, which helps victims respond.

David Kennedy, founder and senior security consultant at TrustedSec, said that once a ransomware attack is discovered, companies have little recourse but to completely rebuild their infrastructure or pay the ransom.

"Ransomware is absolutely out of control and is one of the biggest threats we face as a nation," Kennedy said. "The problem we face is that most businesses are not prepared to deal with these threats."

Colonial Pipeline transports gasoline, diesel, jet fuel and heating oil from refineries on the Gulf Coast through pipelines from Texas to New Jersey. Its pipeline network spans more than 5,500 miles, transporting more than 100 million gallons per day.

Debnil Chowdhury, of research firm IHSMarkit, said if the outage lasts one to three weeks, gas prices could start to rise.

"I wouldn’t be surprised, if it ends up being an outage of this magnitude, if we see a 15 to 20 cent increase in gas prices over the course of a week or two," he said.

The Department of Justice has a new task force dedicated to combating ransomware attacks.

While the United States has not suffered any serious cyberattacks on its critical infrastructure, officials say Russian hackers in particular are known to have infiltrated certain critical sectors, positioning themselves to do damage if armed conflict breaks out.

Iranian hackers have also been aggressive in trying to gain access to utilities, factories, and oil and gas facilities. In one case in 2013, they broke into the control system of a US roadblock.