After a ransomware attack on a key US pipeline network led to a disruption in fuel supplies in the eastern part of the United States, the company owning the pipeline has reportedly paid a ransom of $5 million to the cybercriminal group that launched the attack. The payment, according to multiple news reports, was made in Bitcoin.
Colonial Pipeline Company, which transports about 45 per cent of all petrol and diesel consumed on the east coast of the US, was forced to shut down operations after the cyberattack on May 7.
The shutdown led to the US federal government declaring a regional emergency to allow transportation of fuels through tanker trucks to tide over the impact of shortages. What kind of attack was this, which hacking group was behind it, and how did it impact oil prices?
What is a ransomware attack?
A ransomware attack is a cyberattack using malware that encrypts the victim’s files and requires users to pay a ransom to decrypt the files. Experts noted that with companies moving to real-time backups, hackers have, as in the case of the Colonial Pipeline attack, also added the element of downloading all the data on an enterprise network before encrypting it. The hackers can then threaten to leak the data if the ransom is not paid.
The FBI has identified the ransomware used in the attack as a variant of ransomware created by the DarkSide group that has been in use since October 2020, according to Anne Neuberger, deputy national security advisor on cyber and emerging tech, in a White House briefing.
The company has reportedly paid a ransom amount of $5 million in Bitcoin to retrieve its files. A White House official noted that it was the position of the federal government and of the FBI that “it is not in the interest of the private sector for companies to pay ransoms because it incentivises these actions”.
Neuberger indicated that Colonial Pipeline’s systems may have been compromised as a result of security systems not being up to date.
“In this case, the ransomware that was used is a known variant… So the first and most important thing is to ensure that systems are patched and that cybersecurity is maintained at the level needed in a given network,” Neuberger said, adding that this was particularly important in the case of critical infrastructure networks.
Who are the DarkSide group?
Experts have noted that while the DarkSide group is new, it is likely made up of veteran ransomware developers based in Russia. In a statement published online, the group has claimed that it is apolitical, that it is only concerned with making money, and that it donates some of its proceeds to charities.
Neuberger noted that the group functioned on a ransomware-as-a-service model where “criminal affiliates conduct attacks and then share the proceeds with the ransomware developers”.
Cybersecurity firm Cybereason said that the DarkSide group appeared to have a code of conduct that prohibits attacks against hospitals, hospices, schools, universities, non-profit organizations, and government agencies.
In a statement published online, the group appeared to shift the blame for the attack onto one of its partners that was using its software.
“Our goal is to make money, and not to create problems for society,” said the group, adding that it would “check each company that our partners want to encrypt to avoid social consequences in the future”.
How did this attack impact oil prices?
Oil prices rose in response to the attack on Colonial Pipeline with the price of Brent crude rising to $69 per barrel on Monday. The price of Brent crude was $68.7 at the end of trading on Friday. The Colonial Pipeline company has said that a full resumption of its operations could take a few days.
The disruption led to a gas shortage across the east coast with customers facing long lines to purchase fuel and many pumps running out of petrol and diesel as panic buying led to customers purchasing larger quantities of fuel. The temporary shortage also led to an increase in pump prices in the US with the average national price of petrol rising to over $3.0 per gallon, the highest level since 2014.
Crude oil prices have risen over the past fortnight, despite a surge in Covid-19 infections in Asia, on expectations of increasing crude oil demand from the US and Europe, adding further upward pressure on auto fuel prices.
How can oil and gas companies deal with such attacks?
Experts noted that there was a need to move towards approaches that prevent attacks rather than merely respond to them, including adopting a zero-trust security framework in enterprise networks.
“A zero-trust approach means anything is suspected whenever any activity is done on the network, and every user, including the CEO, will have to be verified time and again,” said a cybersecurity consultant who did not wish to be named.
This expert added that other measures such as Cloud Access Security Brokers (CASB), which act as intermediaries between users and cloud service providers, could “give teeth” to an overall cybersecurity strategy.
The expert noted that India’s oil and gas PSUs were making efforts to beef up security, and that organisations managing critical infrastructure such as pipelines and refineries were required by the government to implement certain security measures.
The Ministry of Petroleum and Natural Gas did not respond to emailed requests for comment on the vulnerability of critical oil and gas infrastructure to cyber attacks.