Ransomware and Colonial Pipeline

There are too many sources I could link, so I’ll just summarize what I’ve read so far.

I’m sure it’s no consolation to anyone, but I learned yesterday that the Colonial Pipeline ransomware attack affected only the office computers and network, not the systems that run the pipeline itself. Technically, Colonial could easily pump the fuel, but they don’t have a back-up system for getting paid for it. And apparently they don’t have a good computer data back-up system, either. A normal part of IT security is occasionally testing your back-up recovery procedures to discover all the glitches in the system that otherwise do not manifest.
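The post's point that restore procedures need to be exercised, not just assumed to work, can be turned into a routine drill. The following is an added example, not code from the post: it backs up a constructed sample directory with only the Python standard library, restores the archive into a separate scratch directory, and compares every restored file against a hash manifest recorded at backup time, so a restore that silently drops or alters a file is reported rather than discovered during an emergency.

```python
"""Backup restore drill (added example, not from the post).

Back up a directory tree to a tarball plus a SHA-256 manifest, restore it
somewhere else, and verify the restored tree byte-for-byte. All sample data
is constructed in a temporary directory, so this runs offline.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tarball of source and a manifest of what it contained."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    archive.with_suffix(".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_backup(archive: Path, target: Path) -> None:
    """Extract the archive into target, refusing entries that would escape it."""
    target.mkdir(parents=True, exist_ok=True)
    base = target.resolve()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            dest = (target / member.name).resolve()
            if not dest.is_relative_to(base):
                raise ValueError(f"unsafe path in archive: {member.name}")
        tar.extractall(target)


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare the restored tree against the manifest and report any problem."""
    actual = build_manifest(restored)
    missing = sorted(set(manifest) - set(actual))
    extra = sorted(set(actual) - set(manifest))
    corrupted = sorted(k for k in manifest if k in actual and actual[k] != manifest[k])
    return {
        "ok": not (missing or extra or corrupted),
        "verified": len(manifest) - len(missing) - len(corrupted),
        "missing": missing,
        "extra": extra,
        "corrupted": corrupted,
    }


def run_drill(tamper: bool = False) -> dict:
    """Full drill in a scratch directory: build sample data, back up, restore, verify.

    With tamper=True one restored file is altered after extraction, standing in
    for a restore that completed but did not reproduce the data faithfully.
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "docs").mkdir(parents=True)
        # Constructed sample files standing in for office data.
        (source / "docs" / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")
        (source / "docs" / "notes.txt").write_text("restore drill sample\n")
        (source / "config.ini").write_bytes(b"[app]\nmode=prod\n")

        archive = tmp / "backup.tar.gz"
        manifest = create_backup(source, archive)

        restored = tmp / "restore-test"
        restore_backup(archive, restored)
        if tamper:
            (restored / "docs" / "notes.txt").write_text("silently changed\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=2))
    print(json.dumps(run_drill(tamper=True), indent=2))
```

The manifest is written beside the archive so the check does not depend on the original source still being intact, which is exactly the situation after a ransomware event; in practice the manifest would be stored with the offline copy of the backup. Restoring into a throwaway directory and diffing against the manifest is the cheap, repeatable part of the test; the expensive part the post alludes to is doing it on the real scale of data and on the machines that will actually perform the recovery.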

On the other hand, that means spending money on personnel, equipment and software. These folks are running huge networks of Windows machines. If you have ever experienced the back-up process built into Windows, it can be quite painful. Last night I ran back up on a laptop that has only a few files on it, nowhere near the 1TB capacity of the hard drive. It took over an hour for the system back-up. If you use free alternatives, their procedures are Byzantine, with all sorts of crazy terminology and nothing that could pass for “user-friendly” execution. The easy stuff costs money, but is far superior to what is built into Windows.

I’m really not surprised at how few businesses and governments — and individual consumers — do this right. The reported plague of ransomware exposes just how few they are.

In related news, the folks behind the ransomware attack have made some odd claims. You have to understand: there are two different groups in operation here. One is the folks who create and maintain the ransom-seeking software. They offer to manage this part by contract for any partners who are better at simply breaking into the computer networks. The other is the freelance hackers who do that dirty work. It’s called “ransomware as a service” (RaaS). The ransomware source takes a 30% cut, but handles the encryption, receives the money, moves the copied data, and interacts with the victim. The affiliates who perform the more time-consuming task of finding the victims get the rest of the money. It has evolved that far.

At any rate, the folks who run the show have offered a press release that they failed to keep their affiliates under control, and that they would not normally have approved this kind of disruption to society. Several RaaS outfits have noted they try to avoid hitting hospitals and charitable organizations. So this particular organization said they have promised to assert more control over the process to prevent future incidents of this magnitude. And just to show their sincerity, they diverted a significant amount of payment to some charities. The charities in turn have refused the money.

Crazy world, no?

Anyway, the fuel shortage has hit all over the southeastern part of the US, including a number of military installations. The FBI and other LE agencies are all hot on sniffing out the perpetrators. There is a fair chance this will lead to some arrests, and the folks who manage the ransomware operation know this. Thus, their unusual press release. Network and Computer Forensics is one of the fastest growing disciplines in the world today, and pays exceptionally well. You’d be surprised how many experts would simply volunteer to look into this from their own angle; it’s great PR.

This entry was posted in computers.

2 Responses to Ransomware and Colonial Pipeline

  1. Jay DiNitto says:

    Suspicious Observers guy said the pipeline hack occurred at roughly the same time the most recent CME hit us and messed around with some electrical things. Interesting.

    • ehurst says:

      Yep; I caught that. But I sense it remains just a coincidence. However, I also know that there are some folks here in the US who benefited greatly from that fuel shortage, and it’s people who aren’t in the oil business at all. I am in no position to suggest they were in on the hacking part, but there are some folks in the Intel Community who were delighted at the economic disturbance. Look for more such disturbances to come simply because it strengthens their hands.
