Pipeline hack update: Colonial reopens across the map, ransomware payment – CNET [CNET]

Colonial Pipeline, which shut down after a ransomware attack last week, said its entire system had resumed normal operations, a development that will help relieve concerns of a gas shortage along the East Coast of the US.

In a series of tweets early Saturday, the pipeline operator said it is “delivering millions of gallons per hour” to the markets it served. The company said it delivers 100 million gallons of fuel a day.

Colonial had been closed since last Friday, when a ransomware infection was found on its computer systems. The shutdown affected the supply of gas in parts of the East Coast, with some people waiting an hour or more at filling stations or not finding gas at all. State and federal officials had warned against hoarding and panic buying that could exacerbate the problem.

The ransomware infection at Colonial highlighted the vulnerability of the country’s critical infrastructure, which has been the target of an increasing number of cyberattacks. Cities, schools and hospitals have all been hit by cybercriminals, who scramble a victim’s computers and then extort a payment to decrypt them.

The FBI blamed the attack on a group called Darkside, which is believed to be based in Russia. President Joe Biden told a briefing on Thursday that the FBI doesn’t believe the Russian government itself was involved in the attack. 

Darkside’s website has gone offline and the group is disbanding, The Wall Street Journal reported on Friday.

President Joe Biden issued an executive order on Wednesday aimed at strengthening US cybersecurity. The wide-ranging action includes the creation of a Cyber Safety Review Board that will convene after major incidents. Members of the Defense and Justice departments, several security agencies and private sector specialists will be on the board.

Biden issued an executive order on Wednesday aimed at strengthening US cybersecurity. The wide-ranging action includes the creation of a Cyber Safety Review Board that will convene after major incidents. Members of the Defense and Justice departments, several security agencies and private sector specialists will be on the board.

Here’s what you need to know about the hack.

What happened?

Colonial Pipeline was hit with a ransomware attack. Bloomberg reported the hackers began their attack on May 6 by stealing about 100 gigabytes of data in a double extortion scheme that holds the data hostage and threatens to leak it. The company shut some of its operations to prevent the malicious software from spreading.

Read more: No gas shortage: Stop panicking, and what not to do

What’s a ransomware attack?

Hackers use ransomware — a type of malware — to scramble a company’s computer data and hold it hostage until a ransom is paid. Sometimes they employ a double extortion scheme by pilfering data and threatening to publish it.

On Thursday, Bloomberg reported that Colonial paid nearly $5 million in ransom for software to decrypt its computers. Bloomberg reported the software, which was paid for with an unspecified cryptocurrency, was slow so Colonial continued restoring its system from backups.

During his briefing, Biden declined to answer a question as to whether he had been briefed on Colonial allegedly paying the ransom.

Colonial didn’t respond to a request for comment.

How did Colonial respond to the attack?

The company, which operates pipelines for gasoline, jet fuel and other refined petroleum products, halted pipeline operations after discovering the hack. Colonial said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.”

Colonial services seven airports and operates in 14 states. Its system is the biggest in the US, the company says, covering more than 5,500 miles. A legend on company’s tanks that are featured on its website reads “America’s Energy Lifeline.”

Who’s behind the attack?

The FBI blamed Darkside, a ransomware group, for the attack. The law enforcement agency said it was notified of the hack on May 7 and is investigating alongside the company and other government agencies.

As of Friday, the group appeared to have disbanded, according to the Journal, which reported Darkside had told associates that it had lost access to the infrastructure it needs for its activities. The group said law enforcement actions had prompted its decision, according to the paper. 

Cybereason, a security company based in Boston, wrote that Darkside focuses on targets in English-speaking countries and avoids operations in former Soviet bloc countries. It sells its ransomware, a model known as ransomware as a service, and maintains a help desk for negotiations with victims, Cybereason said.

How prevalent are ransomware attacks?

They’re pretty common. City governments around the US, including Baltimore’s and Atlanta’s, have been slammed by ransomware attacks. Hospitals have been shut down. In one case, a patient died because she had to be taken to a hospital nearly 20 miles away from her initial destination, which was dealing with a cyberattack.

Often, the victims pay to recover their data. Two cities in Florida — Lake City and Riviera Beach — together paid more than $1 million to unfreeze their systems. The cities paid in Bitcoin, a popular cryptocurrency. 

The Cybersecurity and Infrastructure Security Agency and the Department of Energy are working with industry on guidelines to secure critical infrastructure, the White House said, sharing details on the attack that hit Colonial Pipeline and providing recommendations to reduce the likelihood of future incidents. The Biden administration added that it’s helping private sector companies improve their cybersecurity through the Industrial Control Systems Cybersecurity initiative.

What’s been going on with concerns about a gas shortage?

A Department of Transportation agency posted a regional emergency declaration for 18 states and Washington, DC, “in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States.” The declaration is designed to keep the fuel supply on the East Coast flowing.

North Carolina, South Carolina and Virginia also declared states of emergency.

Concerns over a gas shortage helped push GasBuddy, a price-comparison app, to the top of Apple’s App Store, according to App Annie.

So I shouldn’t hoard gas?

Officials say there’s no need to stock up on gasoline because the pipeline is expected to be back near normal at the end of the week.

Energy Secretary Jennifer Granholm acknowledged that some states might experience a supply crunch, but said there was no need to rush to the pumps. “We know that we have gasoline,” she said, according to US News and World Report. “We just have to get it to the right places.”

South Carolina Gov. Henry McMaster tweeted a similar message to his state’s citizens. “There is no need to rush to top off your gas tanks or hoard gas,” McMaster wrote, “the pipeline is expected to resume operations by the end of the week.”

What about gas prices?

As of Saturday, the average price per gallon of gas in the US jumped to nearly $3.04, up more than 7 cents from the previous week, according to GasBuddy. A GasBuddy analyst told MarketWatch that the rise reflected the reopening of the US economy though it may have been accelerated by the pipeline shutdown. 

Correction, May 13, 8:44 a.m. PT: Fixes spelling of Cybereason.