Equipped To Survive® Presents
The Survival Forum

#298944 - 05/11/21 01:13 PM Pipeline Ransomware Attack
Blast Offline
INTERCEPTOR
Carpal Tunnel

Registered: 07/15/02
Posts: 3751
Loc: TX
Those of you on the East Coast have my sympathy. Your gas prices (when you can even get it) are going to be through the roof. Here's a good article on what happened and what's currently being done.
https://www.npr.org/2021/05/10/995405459...al-u-s-pipeline

The attack isn't at all surprising. Similar ransomware attacks have shut down hospitals and even cities. It's one more thing you need to keep in mind. My brother used to be in charge of the IT security for a power plant up in Alaska and he said back eight years ago they were attacked multiple times per day. I'm sure it's even worse now.
-Blast


Edited by Blast (05/11/21 01:15 PM)
_________________________
Foraging Texas
Medicine Man Plant Co.
DrMerriwether on YouTube
Radio Call Sign: KI5BOG
*As an Amazon Influencer, I may earn a sales commission on Amazon links in my posts.

#298948 - 05/11/21 04:19 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3637
Loc: USA
Please note that while I work in this field I am not involved in this investigation in any way; all I know about the attack is what's been reported publicly.

Historically, most nation-state threat actors do not use ransomware. Almost all ransomware threat actors are financially motivated. If this attack were targeted at the pipeline company, I would have expected the attacker to take measures to be sure to get paid, rather than shut down the pipeline.

Based on what I know so far, I don't think that this specific threat actor is particularly low or high in sophistication. A low sophistication threat actor would have had challenges attacking these systems. A high sophistication threat actor would be attacking financial systems, or similar activity that has a higher percentage of success.

In other words, the threat actor probably regrets this attack due to not getting paid for success and due to the extra attention they will receive from law enforcement and private entities that work on attribution.

#298949 - 05/11/21 07:27 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Online
Enthusiast

Registered: 11/05/07
Posts: 398
Loc: Wales, UK
Seems the attackers didn't shut down the pipeline, but it was shut down as a "precautionary measure".

It seems Colonial's automatic invoicing system has been affected. So they can't invoice their clients.

https://zetter.substack.com/p/biden-declares-state-of-emergency


Edited by Ren (05/11/21 07:28 PM)

#298950 - 05/11/21 09:48 PM Re: Pipeline Ransomware Attack [Re: Blast]
Teslinhiker Offline
Veteran

Registered: 12/14/09
Posts: 1415
Loc: Cranbrook BC (Finally)
I have been reading Brian Krebs's blog for years due to the in-depth knowledge he has on many different types of security issues. His latest post is on the Colonial Pipeline ransomware attack and is a very good (and long) read.

https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/#more-55529
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock

#298951 - 05/11/21 11:05 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3637
Loc: USA
Krebs is freaking awesome.

#298952 - 05/11/21 11:24 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Online
Enthusiast

Registered: 11/05/07
Posts: 398
Loc: Wales, UK
It appears Colonial's website is fubar. Throwing 502s and also advertising it's using a 3 year old version of nginx. *facepalm*


Edited by Ren (05/11/21 11:24 PM)

#298953 - 05/12/21 03:33 AM Re: Pipeline Ransomware Attack [Re: chaosmagnet]
dougwalkabout Offline
Crazy Canuck
Carpal Tunnel

Registered: 02/03/07
Posts: 3034
Loc: Alberta, Canada
Originally Posted By: chaosmagnet
In other words, the threat actor probably regrets this attack due to not getting paid for success and due to the extra attention they will receive from law enforcement and private entities that work on attribution.

Yes, I imagine being reclassified from "criminal nuisance" to "terrorist actor" could introduce all sorts of pesky complications into one's business plan.

#298958 - 05/13/21 10:10 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Online
Enthusiast

Registered: 11/05/07
Posts: 398
Loc: Wales, UK
Story update

https://www.bloomberg.com/news/articles/...llion-in-ransom

Seems Colonial paid $5 million ransom.

#298961 - 05/14/21 02:37 AM Re: Pipeline Ransomware Attack [Re: Ren]
Doug_Ritter Offline

Pooh-Bah

Registered: 01/28/01
Posts: 2154
Well, that will certainly discourage future attacks. crazy


Edited by Doug_Ritter (05/14/21 02:38 AM)
_________________________
Doug Ritter
Editor
Equipped To Survive®
Chairman & Executive Director
Equipped To Survive Foundation
www.KnifeRights.org
www.DougRitter.com

#298965 - 05/14/21 02:43 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3637
Loc: USA
Good article, thank you Ren.

With regard to paying ransoms, I personally oppose it.

Many companies don't have a comprehensive incident response plan, one that goes beyond IT to include Legal, Public Relations, other internal stakeholders, and external stakeholders like business partners and law enforcement. In these events, companies are learning as they go. Often those lessons are quite a bit more painful without a plan.

I don't know about the victim in this case, but if we suppose for the sake of the argument that they had an excellent plan including all relevant stakeholders, I imagine their thinking could have gone like this:

  • We're losing $BIGNUM per hour
  • The ransom will save us way more money than it will cost
  • We're obligated to our shareholders to stop the losses


Barring a Board of Directors policy forbidding the payment of ransom, the executive leadership of the victim company may very well feel legally compelled to pay it to preserve shareholder value.


WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.