Cyberattacks have hit at least 17 targets in the US since March, from local governments and schools to major meat and oil suppliers. Here’s the full list.

The Capitol Hill Exxon station temporarily ran out of low and medium grade gasoline on Thursday, May 13, 2021, following the shutdown of the Colonial fuel pipeline.

  • Businesses, local governments, and other organizations in the US have been victims of cyberattacks this year.
  • The largest attacks occurred on gas provider Colonial Pipeline and meat producer JBS.
  • President Biden is expected to address cyberattacks with Russian President Vladimir Putin during their meeting Wednesday.

A growing number of cyberattacks have occurred on US businesses, local governments, and public systems since the start of 2021.

These attacks usually originate from outside the US, in countries like Russia and China, experts who spoke to Insider earlier in June said. Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, said there were three kinds of major cyber attacks: ransomware attacks, espionage attacks, and email compromise attacks.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” Allan Liska, who works on the computer security incident response team (CSIRT) at the cybersecurity company Recorded Future, previously told Insider.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he said.

President Joe Biden earlier this year placed sanctions on Russia for its involvement in the attack on SolarWinds, which was reported last year. Biden is also expected to address cybercrime when he meets with Russian President Vladimir Putin in Geneva on Wednesday.

These are the cyberattacks that US companies, agencies, and institutions have faced so far this year.

CNA Financial Group

CNA Financial Group announced in May it had been the victim of a ransomware attack in March, Bloomberg reported. According to the report, the Chicago-based insurance company paid hackers $40 million to regain control of its IT systems. The company said it did not believe data was stolen in the attack.

Microsoft’s Exchange Server email software

At least 30,000 victims that included small businesses and local governments were hacked by an organization in March that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

A Maryland drug-treatment clinic

Turning Point Clinic, the largest drug-treatment clinic in Baltimore, Maryland, was the victim of a cyberattack in April, according to the Baltimore Sun. The hackers may have accessed and copied patients’ personal information, officials said, according to the report.

An Iowa school district

The Union Community Schools District in Cedar Rapids, Iowa, was the victim of a cyberattack in April, school officials announced in June, according to KCRG. The breach briefly took the school’s website down, and school officials said the hackers may have accessed the school district’s documents.

New York’s metro authority

Also in April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City, was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.

An Alaska court system

The Alaska court system said it was the victim of a malware attack in April, according to the Associated Press. The court system took its systems offline and was working to make them stronger to avoid future attacks, according to the report. It said it did not believe personal information was stolen as a result of the breach.

Alaska’s Department of Health and Human Services

The Alaska Department of Health and Human Services was the victim of a malware attack in May, it said, taking some of its online services offline, according to Alaska Public Media. The department said it wasn’t clear if personal information was accessed during the hack, according to the report.

America’s largest fuel pipeline

Ransomware organization DarkSide, which is believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency, as Insider reported.

The world’s largest meat supplier

JBS USA, the world’s largest meat supplier, announced in May it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg. It paid hackers $11 million, according to NBC News.

The government of an Illinois county

The government in St. Clair County, Illinois, was the victim of a cyberattack at the end of May that caused weekslong disruptions, according to Government Technology. The hack prevented residents from using online systems to access court records or pay taxes, according to the report. A ransomware group named Grief took responsibility for the attack, according to the report.

Tulsa’s computer systems

Hackers in May breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.

A truck and military vehicle manufacturer

Navistar, a US truck and military vehicle manufacturer, said it was the victim of a cyberattack in May. The company said that data had been stolen from its IT system. It said the IT system remained fully functional. It’s unclear what data was stolen, Insider previously reported.

San Diego health system

San Diego health system Scripps Health reported it fell victim to a ransomware attack on May 1, according to Fox 5 San Diego. As a result, the health system took its systems offline for a month, leading to missed appointments and patients’ inability to access their medical records. It’s unclear if hackers accessed private patient data, according to the report.

Puerto Rico’s main power provider

Luma Energy LLC, the main power provider in Puerto Rico, experienced a denial-of-service attack on June 10, according to The Wall Street Journal. A denial-of-service attack occurs when hackers overwhelm a system with requests in an attempt to bring it down. Shortly after the attack, a fire at the facility broke out, causing 900,000 people to lose power. The cause of the fire has not yet been determined, according to the report.

McDonald’s

McDonald’s announced on June 11 it had been hit by a cyberattack in the US, South Korea, and Taiwan. The hack exposed employee information, and information about some of its restaurants, but the company said no customer information was leaked as a result of the hack, The Wall Street Journal reported.

Massachusetts ferry service

The Steamship Authority of Massachusetts was the victim of a ransomware attack in June, NBC Boston reported. While ships continued to operate normally during the attack, customers were unable to book or change their tickets online or by phone for a week.

An Iowa community college

Both in-person and online classes were canceled in June at the Des Moines Area Community College in Iowa after a cyberattack took down its computer systems, Fox Business reported. In-person classes have resumed, while online courses remained canceled as of June 14, according to the college. The school said it didn’t believe that student or faculty data had been leaked due to the breach, according to Fox Business.

NYC’s law department

New York City officials confirmed in June they were investigating a hack on the city’s Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have put employees’ personnel information at risk.

Television stations

In June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment and has not publicly spoken about the hack.

Video game developer

Hackers in June stole data from game developer Electronic Arts (EA), according to Vice. In an online forum, hackers claimed to have stolen data about the company’s upcoming games, including “FIFA 21,” the report said. Hackers reportedly used Slack to breach the company. In total, the hackers claimed to have stolen 780 GB of data, according to Vice. The company told Vice no customer data had been extracted in the hack.

Read the original article on Business Insider

Major cyberattacks have rocked the US, and there are ‘a lot of different ways that ransomware actors can disrupt everyone’s lives,’ experts say

Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack

  • A number of prominent cyberattacks on US institutions have made headlines so far in 2021.
  • Hackers targeted a major gas provider in April and the world’s largest meat producer in May.
  • Sometimes, experts say, hackers are after ransom, but in other cases they intend to steal information.

A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that “spillover” across supply chains.

Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.

The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency.

At the end of May, JBS USA, the world’s largest meat supplier, announced it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg.

Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.

These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and Colonial Pipeline.

Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.

There’s also a third and more common category called “email compromise,” where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI’s Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.

In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.

In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.

The growing threat is not just the initial hack but the “spillover harm” it causes, Moore said.

The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.

“It becomes more of a sentient threat – more of a threat that we’re aware of,” Moore said of the recent ransomware hacks.

“They’re not trying to necessarily shut down a pipeline,” Moore added of ransomware hackers. “They’re just trying to make money through ransomware, but they’re still having this effect of disrupting our critical infrastructures.”

DarkSide claimed it didn’t mean to cause any disruption to society. The ransomware group later claimed it would be disbanding following the incident.

“We’re seeing more of this spillover harm,” Moore added. “We’re seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern.”

“These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies,” Moore said.

Ransomware attackers have also evolved. Historically, victims of a ransomware attack could avoid paying the ransom if they maintained regular system backups and restored their systems to them after they had been compromised.

Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.

In the case of Colonial Pipeline, the company quickly paid the hackers $4.4 million in ransom. Officials at the Department of Justice said this week they were able to recover most of the $4.4 million paid to the hackers.

This year alone, cybercriminals have taken out large and small targets

It’s not just a perception or an increase in coverage – cyberattacks in the US are both growing and evolving, experts said.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” said Allan Liska, who works on the computer security incident response team (CSIRT) at the cybersecurity company Recorded Future.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he added.

  • New York City officials confirmed this week they were investigating a hack on the city’s Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have put employees’ personnel information at risk.
  • Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment.
  • Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
  • In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City, was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
  • And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

“That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information,” Moore said of the March attack.

“Essentially, you’ve got the internal corporate email of many, many companies,” he added. “This is something that is very valuable to a nation-state adversary like China.”

Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye, as well as the Department of Homeland Security and the Treasury Department, as Insider previously reported.

Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.

This type of cybercrime almost always originates from outside the US, experts said.

“When we say Russia, China, or Iran – all of which have had ransomware actors operate out of their borders – we’re generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacit approval from the government,” Liska said in regard to ransom seekers, like those from DarkSide.

There are reasons for Americans to be concerned about future attacks, Liska said. But there’s also room for optimism.

But he added his fears had been assuaged slightly due to recent actions from the US government.

“The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target,” Liska said.

Biden in April slapped sanctions on Russia following its accused involvement in the SolarWinds attack.

“The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable,” the White House said in April. “We do not think that we need to continue on a negative trajectory. However, we have also been clear – publicly and privately – that we will defend our national interests and impose costs for Russian Government actions that seek to harm us.”

The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported.

FBI Director Christopher Wray this month told The Wall Street Journal there were “a lot of parallels” between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.

“Part of the persona of these ransomware actors is they’re bold and audacious,” Liska said. “They issue press releases talking about their exploits and how they’re not afraid of anybody and they’ll go after anybody. It’s really easy to do that until the president calls you out by name.”

Liska said it wouldn’t be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said.

“There are still a lot of different ways that ransomware actors can disrupt everyone’s lives without necessarily taking the power grid offline,” Liska said.

“We need to invest more heavily in our critical infrastructure,” he added.


The FBI recovered a huge chunk of the Colonial Pipeline ransom by secretly gaining access to Darkside’s bitcoin wallet password

The FBI managed to gain access to the “private key” of a bitcoin wallet that the hacking group Darkside used to collect its ransom payments.

The Department of Justice announced Monday that it had recovered a majority of the ransom paid by Colonial Pipeline to hackers who shut down its operations last month and caused massive fuel shortages and price hikes.

The DOJ said that it had recovered $2.3 million worth of bitcoin out of the $4.4 million ransom that Colonial had paid to Darkside, the group behind the hack.

How did the government pull it off?

The FBI had what was effectively the password to a bitcoin wallet that Darkside had sent the ransom money to, allowing the FBI to simply seize the funds, according to the DOJ.

‘Following the money’

Despite cybercriminals’ increasingly sophisticated use of technology to commit crimes, the DOJ said it used a time-tested approach to recover Colonial’s ransom payment.

“Following the money remains one of the most basic, yet powerful tools we have,” Deputy Attorney General Lisa Monaco said in the DOJ’s press release.

Colonial was hacked by Darkside on May 7, and alerted the FBI that same day, according to the DOJ.

On May 8, with its operations knocked offline and amid an emerging gas crisis, Colonial opted to pay the ransom (much to the chagrin of government crimefighters who were simultaneously trying to shut down the hack).

Colonial told the FBI that Darkside had instructed it to send 75 bitcoin, worth about $4.3 million at the time, according to an affidavit from an FBI special agent involved in the investigation.

The FBI agent then used a blockchain explorer – software that lets users search a blockchain, like bitcoin, to determine the amount and destination of transactions – to figure out that Darkside had tried to launder the money through various bitcoin addresses (similar to bank accounts), according to the affidavit.

Eventually, through the blockchain explorer, the FBI agent was able to track 63.7 bitcoin to a single address that had received an influx of payments on May 27.

Fortunately for the FBI, according to the agent’s affidavit, the agency had the private key (effectively the password) for that very address.

Bitcoin addresses rely on a two-key encryption system to keep transactions secure: one public and one private. The public key is shared openly so anybody can send money to that address. But once the sender has encrypted their payment with the recipient’s public key, only the recipient’s private key can decrypt and gain access to that money.

That’s why private keys are meant to be closely held secrets, stored in a secure place. As of January, $140 billion in bitcoin – around 20% of existing bitcoin – were held in wallets where people had forgotten or lost their private keys.

In Darkside’s case, the FBI managed to gain access to its private key, and after getting a seizure warrant from a federal court, the agency used the key to access Darkside’s address and swipe 63.7 bitcoin, or around $2.3 million.

The FBI didn’t say how it had managed to obtain the key, but said it sent a warning to other potential ransomware hackers.

“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said in the release.


US truck and military vehicle manufacturer Navistar just disclosed it was targeted by a cyberattack

Flags fly in front of Navistar’s corporate headquarters on April 17, 2018 in Lisle, Illinois.

US truck and military vehicle manufacturer Navistar International Corp said on Monday that the company was targeted by a cyberattack.

In an 8-K US Securities and Exchange Commission filing published on Monday, Navistar said it became aware of a potential data breach last month, saying it received a claim that data had been stolen from its IT system. It’s unclear exactly what data was taken.

“The company, with the assistance of third-party experts, continues to investigate and address the scope and impact of the cybersecurity incident,” the Illinois-based company said. Navistar manufactures military trucks, diesel engines, school and commercial buses, and more.

Navistar added that its IT system “continues to be fully operational” and that law enforcement is aware of the incident.

The company’s data breach is the latest in a string of cyberattacks. In recent weeks, the Colonial Pipeline, New York City’s transit authority, and meat supplier JBS have all been targeted.


Hackers hit the world’s largest meat supplier with a massive cyberattack. Here’s what’s affected, and for how long.


Over the weekend, hackers hit the only piece of American infrastructure more critical than the Colonial Pipeline: the burger supply.

JBS, the world’s largest meat processor, had to shut down North American and Australian operations Monday following a coordinated ransomware attack. The company told the White House that it believes a criminal organization based in Russia is behind the hack.

In the US, which accounts for half of JBS revenues, nearly 20% of beef production was impacted by temporary plant shutdowns.

It does appear to be temporary, though. JBS said that the “vast majority” of its facilities would be operational today due to progress it made in resolving the attack.

If operations had remained paused for days or weeks, the hiccup could’ve turned into a real headache for JBS customers like supermarkets and fast-food chains that require a continuous supply of meat.

Extra bad timing

While wholesale meat prices remained mostly stable yesterday, extended disruption from the cyberattack threatened to send meat prices, already on the rise, soaring even higher.

Compared to 2020, April’s pork and beef prices were up 4.8% and 3.3%, respectively, due to labor shortages, restaurant reopenings, rising grain and transportation costs, and high demand for meat exports. And Memorial Day weekend just kicked off the summer grilling season, which means even more demand for meat in the US.

Zoom out: As a greater proportion of corporate operations are tied to IT systems, hackers are presented with more opportunities to prey on links in critical supply chains. The JBS incident comes just weeks after hackers forced the shutdown of the Colonial Pipeline and disrupted gas supplies up the East Coast.

This story is from today’s edition of Morning Brew, a daily email publication.

One of the biggest US insurance companies reportedly paid hackers $40 million ransom after a cyberattack

Investors are pouring billions into cybersecurity startups.

CNA Financial, one of the largest insurance companies in the US, reportedly paid hackers $40 million after a ransomware attack blocked access to the company’s network and stole its data, according to a report from Bloomberg’s Kartikay Mehrotra and William Turton.

CNA first announced the hack in late March, stating that it had seen a “sophisticated cybersecurity attack” on March 21 that had “impacted certain CNA systems.” To address the incident, the company called in outside experts and law enforcement, both of which launched an investigation into the attack.

But behind closed doors, about a week following the ransomware attack, CNA began negotiating with the hackers, Bloomberg reported.

The hackers initially demanded $60 million in ransom. But following negotiations, CNA paid them $40 million in late March, which could be one of the largest ransomware hacker payments yet.

Bloomberg’s report on CNA Financial’s ransom payment comes just weeks after Colonial Pipeline – the US’ biggest refined products pipeline – paid hackers $4.4 million following its own cyberattack, which had caused gas shortages across the East Coast.

Colonial Pipeline’s payout may be notably lower than CNA Financial’s, but the cost of ransomware attacks has been increasing. In 2020, the average ransomware payment increased 171% from $115,123 in 2019 to $312,493 in 2020, according to a report from cybersecurity firm Palo Alto Networks. And earlier this year, both Quanta, an Apple supplier, and Acer were targeted by ransomware group REvil, which demanded $50 million from both companies.

However, the FBI advises against paying a ransom, and says doing so could instead encourage more hacks.

According to a May 12 update from CNA, “systems of record, claims systems, or underwriting systems where the majority of policyholder data is stored” were not affected by the cyberattack.

A CNA spokesperson told Insider that the company isn’t commenting on the ransom, but that it had “followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter.”

The spokesperson also noted that a group called “Phoenix” was behind the attack. The ransomware used on CNA is known as Phoenix Locker, a spin-off of another malware “Hades” created by Russian hacking organization Evil Corp, Bloomberg reported.

The US Treasury Department last sanctioned Evil Corp in 2019 following the group’s distribution of another malware. This sanction barred Americans from paying an Evil Corp ransom. However, the CNA spokesperson noted that Phoenix “isn’t on any prohibited party list and is not a sanctioned entity.”


Russia’s intelligence chief suggested without evidence that the US and UK orchestrated the SolarWinds hack that breached US government agencies

SVR chief Sergei Naryshkin speaking to the BBC.

  • US intelligence agencies suspect Russia is behind the SolarWinds hack on federal agencies last year.
  • But on Monday, Russia’s head of foreign intelligence suggested the UK and US itself might have been behind it.
  • Sergei Naryshkin didn’t give evidence or explain why the US would hack its own agencies.

The head of Russia’s foreign intelligence service (SVR) suggested without evidence that the US and UK were actually behind last year’s SolarWinds hack, which compromised US government agencies and major companies for months.

In January, US intelligence agencies said that the cyberattack was likely Russian in origin, and President Joe Biden’s administration in April imposed new sanctions on Russia, citing the hack as a reason. Russia has denied any involvement in the hack.

Speaking to the BBC, SVR chief Sergei Naryshkin repeated the denial, saying: “These claims are like a bad crime novel.”

Instead, he suggested that a US-UK partnership was capable of carrying out the attack, citing 2013 reporting based on the leaks made by the National Security Agency whistleblower Edward Snowden.

That year, The Guardian published details of secret documents outlining how the NSA and its British counterpart GCHQ collaborated with tech companies to insert secret vulnerabilities into encryption software. This gave them the ability to crack much of the encryption used for personal data such as emails and online transactions, the report said.

The revelation caused international scandal, prompting then-President Barack Obama to say that the NSA was not “rifling through” ordinary people’s emails, as The Guardian reported at the time.

Speaking of the SolarWinds hack, Naryshkin told the BBC: “I don’t want to assert that this cyberattack was carried out by a US agency, but the tactics are similar.” He did not elaborate on how or why the US would hack into its own agencies.

Russian President Vladimir Putin in 2012.

Naryshkin said that all the accusations made against Russian intelligence agencies – “cyber attacks, poisonings, hacks, interference in elections” – were “absurd” and “pathetic.”

Russia has been accused of an array of intelligence-led attacks on foreign soil in recent years, from the 2018 poisoning of the former agent Sergei Skripal in England to attempts to influence the 2016 US presidential election.

“Regarding these accusations that have been leveled against us publicly … Russia is not involved,” Naryshkin said, echoing past denials from Russian officials.

Experts are still unraveling the impact of the SolarWinds hack and may never get a full assessment, as Insider’s Kelsey Vlamis reported.

The software firm, used by hundreds of companies and top government agencies, was targeted by hackers who inserted malicious code into its systems. Any client who updated their software between March and June ended up with a backdoor into their system, which hackers could exploit.

The FBI, NSA, Cybersecurity and Infrastructure Security Agency, and the Director of National Intelligence pointed the finger at Russia in a joint January statement, saying that the hack was likely intelligence-related.

“An Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said.

Read the original article on Business Insider

The Colonial Pipeline is back up, but gas shortages have gotten worse and it’ll take time to make up the shortfall

A customer pumps gas at Costco, as a worker directs traffic, on Tuesday, May 11, 2021, in Charlotte, N.C.

  • The Colonial Pipeline shut down for several days after a cyberattack and was restored on Wednesday.
  • The pipeline transports nearly half of all fuel on the east coast of the US.
  • It will likely take days to weeks for gas stations to return to normal.

The Colonial Pipeline was back in action Wednesday night after a cyberattack led to gas shortages and outages across the East Coast, but experts warn it could take days to weeks for gas prices and availability to return to normal.

The Colonial Pipeline is the largest pipeline of refined oil products in the US, transporting over 45% of all fuel used on the East Coast (when not affected by a cyberattack) to more than 50 million people.

Following the hack and pipeline shutdown, several states declared states of emergency because of gas shortages, including North Carolina, Georgia, and Virginia. As shortages and outages swept the coast, gas prices skyrocketed.

AAA’s website noted that national gas prices hit an average of $3.03 on Thursday, the highest level since 2014.

US Energy Secretary Jennifer Granholm announced on Thursday morning that the attempt to restart the pipeline on Wednesday night was a success.

Echoing Granholm’s tweet, the Colonial Pipeline also released a statement on Thursday to say that each market it services should begin to receive petroleum products from the pipeline by midday.

Still, experts predict that it will take days to weeks for gas availability to return to normal – partly because people have been panic-buying and hoarding gas.

Patrick De Haan, the head of petroleum analysis at GasBuddy, said Georgia, North Carolina, South Carolina, and Virginia will likely take the longest to recover.

Previous reports suggested that Colonial Pipeline would not pay the $5 million in ransom requested by the hacking group behind the attack, DarkSide, but a new report from Bloomberg indicates that the company paid the ransom in cryptocurrency “within hours” of the attack.

The hacking group behind the cyberattack, DarkSide, received $5 million in ransom from Colonial Pipeline, Bloomberg reported.

Since the attack, Colonial Pipeline’s website has added a CAPTCHA security check before entering the site, seemingly in an effort to prevent a future hack. The company has been searching for a cybersecurity manager for at least 30 days, according to a posting on the company’s open job listings.

US says fuel supplies should be ‘back to normal’ by the weekend as key pipeline restarts after cyberattack

Signs reading “out of gas” cover screens on pumps at a gas station on May 12, 2021 near Four Oaks, North Carolina. Photo by Sean Rayford/Getty Images

  • The Colonial Pipeline began resuming service Wednesday evening.
  • With that, the US Secretary of Energy said “things will be back to normal” by the end of the weekend.
  • The pipeline, which transports 45% of the fuel used by the East Coast, shut down last week following a cyberattack.

The Colonial Pipeline is back up and running with full operations expected by this weekend, which should bring gas shortages in part sparked by panic buying to an end.

The Colonial Pipeline, the top US fuel pipeline, restarted Wednesday evening, and reported “product delivery has commenced in a majority of the markets we service.”

The successful restart “should mean things will return to normal by the end of the weekend,” US Secretary of Energy Jennifer Granholm said on Twitter Thursday.

“Following this restart, it will take several days for the product delivery supply chain to return to normal,” the company said Wednesday evening. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period.”

The pipeline shut down operations last week after Russian ransomware group DarkSide hacked the company’s systems and demanded money.

The company took the pipeline – which runs from Texas to the New York area and supplies 45% of the East Coast’s fuel – offline following the attack. A private cybersecurity firm hired by Colonial and the federal government are probing the incident.

Colonial has “made substantial progress in safely restarting our pipeline system,” the company said Thursday in a statement. “By mid-day today, we project that each market we service will be receiving product from our system.”

A few remaining segments of the line will begin operating at 12 p.m. ET, the company said.

Amid the shutdown, some people resorted to panic-buying fuel. Long lines stretched around gas stations, more than 1,000 stations in the US ran dry, and the price of gas surged. Most of the shortages remained on the east coast, especially in North Carolina, South Carolina, and Georgia, a GasBuddy analyst reported.

Colonial Pipeline restarts operations, but says supply chain issues may continue for ‘several days’

Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Alpharetta, Georgia-based Colonial Pipeline, which has the largest fuel pipeline, was forced to shut down its oil and gas pipeline system on Friday after a ransomware attack that has slowed down the transportation of oil in the eastern U.S. On Sunday, the federal government announced an emergency declaration that extends through June 8th and can be renewed. On Monday, the FBI confirmed that the cyberattack was carried out by DarkSide, a cybercrime gang believed to operate out of Russia.

Colonial Pipeline said in a press release on Wednesday it had “initiated the restart of pipeline operations” at approximately 5 p.m. ET.

“Following this restart, it will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period,” the company said.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” it said, adding that it’s conducting various safety assessments as it resumes operations.

The announcement follows widespread gas shortages across the eastern US that resulted from the pipeline being taken offline by a crippling ransomware attack.

The 5,500-mile network supplies around 45% of the East Coast’s fuel, and more than 1,000 gas stations ran dry following the attack, creating long lines and sending prices soaring past $3 per gallon for the first time since 2014.

The Biden administration has been working with Colonial to get operations restarted. The Russia-based hacking group DarkSide acknowledged it launched the attack, saying it didn’t intend to cause “problems for society,” and would approach targets differently in the future.
