Equipped To Survive® Presents
The Survival Forum
#298944 - 05/11/21 01:13 PM Pipeline Ransomware Attack
Blast Offline
INTERCEPTOR
Carpal Tunnel

Registered: 07/15/02
Posts: 3760
Loc: TX
Those of you on the East Coast have my sympathy. Your gas prices (when you can even get it) are going to be through the roof. Here's a good article on what happened and what's currently being done.
https://www.npr.org/2021/05/10/995405459...al-u-s-pipeline

The attack isn't at all surprising. Similar ransomware attacks have shut down hospitals and even cities. It's one more thing you need to keep in mind. My brother used to be in charge of the IT security for a power plant up in Alaska and he said back eight years ago they were attacked multiple times per day. I'm sure it's even worse now.
-Blast


Edited by Blast (05/11/21 01:15 PM)
_________________________
Foraging Texas
Medicine Man Plant Co.
DrMerriwether on YouTube
Radio Call Sign: KI5BOG
*As an Amazon Influencer, I may earn a sales commission on Amazon links in my posts.

Top
#298948 - 05/11/21 04:19 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Please note that while I work in this field I am not involved in this investigation in any way; all I know about the attack is what's been reported publicly.

Historically, most nation-state threat actors do not use ransomware. Almost all ransomware threat actors are financially motivated. If this attack were targeted at the pipeline company, I would have expected the attacker to take measures to be sure to get paid, rather than shut down the pipeline.

Based on what I know so far, I don't think that this specific threat actor is particularly low or high in sophistication. A low sophistication threat actor would have had challenges attacking these systems. A high sophistication threat actor would be attacking financial systems, or similar activity that has a higher percentage of success.

In other words, the threat actor probably regrets this attack due to not getting paid for success and due to the extra attention they will receive from law enforcement and private entities that work on attribution.

Top
#298949 - 05/11/21 07:27 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Offline
Addict

Registered: 11/05/07
Posts: 522
Loc: Wales, UK
Seems the attackers didn't shut down the pipeline, but it was shut down as a "precautionary measure".

It seems Colonial's automatic invoicing system has been affected. So they can't invoice their clients.

https://zetter.substack.com/p/biden-declares-state-of-emergency


Edited by Ren (05/11/21 07:28 PM)

Top
#298950 - 05/11/21 09:48 PM Re: Pipeline Ransomware Attack [Re: Blast]
Teslinhiker Offline
Veteran

Registered: 12/14/09
Posts: 1418
Loc: Northern Ontario
I have been reading Brian Krebs's blog for years due to the in-depth knowledge he has on many different types of security issues. His latest post is on the Colonial Pipeline ransomware attack and is a very good (and long) read.

https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/#more-55529
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock

Top
#298951 - 05/11/21 11:05 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Krebs is freaking awesome.

Top
#298952 - 05/11/21 11:24 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Offline
Addict

Registered: 11/05/07
Posts: 522
Loc: Wales, UK
It appears Colonial's website is fubar. Throwing 502s and also advertising it's using a 3 year old version of nginx. *facepalm*


Edited by Ren (05/11/21 11:24 PM)

Top
#298953 - 05/12/21 03:33 AM Re: Pipeline Ransomware Attack [Re: chaosmagnet]
dougwalkabout Offline
Crazy Canuck
Carpal Tunnel

Registered: 02/03/07
Posts: 3219
Loc: Alberta, Canada
Originally Posted By: chaosmagnet
In other words, the threat actor probably regrets this attack due to not getting paid for success and due to the extra attention they will receive from law enforcement and private entities that work on attribution.

Yes, I imagine being reclassified from "criminal nuisance" to "terrorist actor" could introduce all sorts of pesky complications into one's business plan.

Top
#298958 - 05/13/21 10:10 PM Re: Pipeline Ransomware Attack [Re: Blast]
Ren Offline
Addict

Registered: 11/05/07
Posts: 522
Loc: Wales, UK
Story update

https://www.bloomberg.com/news/articles/...llion-in-ransom

Seems Colonial paid $5 million ransom.

Top
#298961 - 05/14/21 02:37 AM Re: Pipeline Ransomware Attack [Re: Ren]
Doug_Ritter Offline

Pooh-Bah

Registered: 01/28/01
Posts: 2197
Well, that will certainly discourage future attacks. crazy


Edited by Doug_Ritter (05/14/21 02:38 AM)
_________________________
Doug Ritter
Editor
Equipped To Survive®
Chairman & Executive Director
Equipped To Survive Foundation
www.KnifeRights.org
www.DougRitter.com

Top
#298965 - 05/14/21 02:43 PM Re: Pipeline Ransomware Attack [Re: Blast]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Good article, thank you Ren.

With regard to paying ransoms, I personally oppose it.

Many companies don't have a comprehensive incident response plan, one that goes beyond IT to include Legal, Public Relations, other internal stakeholders, and external stakeholders like business partners and law enforcement. In these events, companies are learning as they go. Often those lessons are quite a bit more painful without a plan.

I don't know about the victim in this case, but if we suppose for the sake of the argument that they had an excellent plan including all relevant stakeholders, I imagine their thinking could have gone like this:

  • We're losing $BIGNUM per hour
  • The ransom will save us way more money than it will cost
  • We're obligated to our shareholders to stop the losses


Barring a Board of Directors policy forbidding the payment of ransom, the executive leadership of the victim company may very well feel legally compelled to pay it to preserve shareholder value.

Top