Friday, January 21
News That Matters

Tag: DarkSide (Hacking Group)

Companies Linked to Russian Ransomware Hide in Plain Sight

Technology
MOSCOW — When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow.

The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victims’ digital data and then demand payments to unscramble it.

Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles.

That this ...
Bitcoin Is Actually Traceable, Pipeline Investigation Shows

Technology
When Bitcoin burst onto the scene in 2009, fans heralded the cryptocurrency as a secure, decentralized and anonymous way to conduct transactions outside the traditional financial system.

Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.

But this week’s revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think.

On Monday, the Justice Department announced it had traced 63.7 of the 75 Bitcoins — so...
U.S. Seizes Share of Ransom From Hackers in Colonial Pipeline Attack

Business
WASHINGTON — The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.

Investigators in recent weeks traced 75 Bitcoins worth more than $4 million that Colonial Pipeline had paid to the hackers as the attack shut down its computer systems, prompting fuel shortages, a spike in gasoline prices and chaos at airlines.

Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement of...
Irish Hospitals Hit by Cyberattacks, Forcing an I.T. Shutdown

Technology
Health network officials have described the attack as “highly sophisticated” and claim attackers used an undiscovered bug in software known as a zero-day to breach their systems. They did not name the affected software and did not provide evidence to back up their claims.

However, FireEye, the cybersecurity firm, released a report last month that found a ransomware group used a zero-day in SonicWall VPN security devices to breach organizations. Typically, ransomware gangs are known to break in using unpatched software, weak passwords or phishing attacks. The use of zero-days would mark a major advance in criminals’ tactics, and increase the likelihood that they can break into organizations’ networks undetected.

Ransomware attacks against hospitals surged after two separate efforts — one by t...
Colonial Pipeline Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

Business
HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.

It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.

Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the l...
Pipeline Attack Reveals Weaknesses in U.S. Cybersecurity

Technology
For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.

But when the real, this-is-not-a-drill moment arrived, it didn’t look anything like the war games.

The attacker was not a terror group or a hostile state like Russia, China or Iran, as had been assumed in the simulations. It was a criminal extortion ring. The goal was not to disrupt the economy by taking a pipeline offline but to hold corporate data for ransom.

The most visible effects — long lines of nervous motorists at gas stations — stemmed not from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half the gasoline, jet fuel and dies...
Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.

Technology
Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to people briefed on the transaction.

The payment came after cybercriminals last week held up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.

The shutdown of the company’s network, which includes 5,500 miles of pipeline that supplies nearly half the gas, diesel and jet fuel to the East Coast, triggered a cascading crisis that led to emergency meetings at the White House, a ju...
Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity

Technology
WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the ...
Colonial Pipeline Resumes Operation: Latest News on the Shutdown

Technology
Tanker trucks are moving fuel in a 12-hour trip from Houston to Atlanta. Since the largest tanker trucks hold only 250 barrels, it would take roughly 1,000 trucks to fill all of Georgia’s filling stations. Seaborne vessels are beginning to deliver cargoes, and initial shipments from Europe, Latin America and Canada to American ports can be expected to arrive in the next few days.

Gulf Coast refineries have not stopped production, and they are chartering and loading domestic and foreign tanker vessels for storage. The Biden administration is considering waiving the Jones Act, which prohibits foreign vessels from delivering products from one domestic port to another. It can take up to four days to ship fuel from the Gulf of Mexico to Savannah, Ga., or Norfolk, Va.

Drivers offered a variety of ...
The Latest News on the Colonial Pipeline Shutdown

Business
HOUSTON — Panicked drivers scrambled to fuel their vehicles across the Southeast on Tuesday, leaving thousands of stations without gasoline as a vital fuel pipeline remained largely shut down after a ransomware attack.

The disruption to the Colonial Pipeline, which stretches 5,500 miles from Texas to New Jersey, also left airlines vulnerable, with several saying they would send jet fuel to the region by air to ensure that service would not be disrupted.

Gasoline in Georgia and a few other states rose 3 to 10 cents a gallon on Tuesday, a jump typically seen only when hurricanes interrupt refinery and pipeline operations along the Gulf Coast.

The national average for a gallon of regular gasoline rose 2 cents on Tuesday, with higher prices reported in the Southeast, according to the AAA motor cl...