'This is a cyber disaster turning into a real-world catastrophe': America's largest fuel network scrambles to restart its systems as experts say Russian group DarkSide's hack on Colonial Pipeline is 'the most impactful ransomeware attack in history'

 The cyberattack carried out by Russian ransomware hackers that shut down America's largest fuel pipeline has left the operator and the US government scrambling to restart the network to avoid fuel shortages and drastic price hikes as experts fear the attack could turn a 'cyber disaster into a real-world catastrophe'. 

The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry. 

Colonial said it was forced to shut down all its pipeline operations on Friday to contain the threat after becoming the victim of a ransomware cyberattack, which is a technique where the victim's computer systems are hacked and then payment is demanded to unlock them.  

DarkSide, a Russian hacking outfit made up of ransomware veterans, is believed to be behind the attack. 

Colonial, which is based in Atlanta, Georgia, has not yet said whether it has paid or is negotiating a ransom with the hackers. 

Cyber experts have already warned it has the potential to become a 'real-world catastrophe' the longer it stretches out and say it should serve as a wake-up call to companies about the vulnerabilities they face.   

+5

The cyberattack carried out by Russian ransomware hackers that shut down Colonial Pipeline, America's largest fuel pipeline, has left the operator and the US government scrambling to restart the network to avoid fuel shortages and price hikes 

+5

The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry

'This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe,' Andrew Rubin, CEO and co-founder of cybersecurity firm Illumio told NBC News.

'It's an absolute nightmare, and it's a recurring nightmare. Organizations continue to rely and invest entirely on detection, as if they can stop all breaches from happening. But this approach misses attacks over and over again. Before the next inevitable breach, the president and Congress need to take action on our broken security model.'  

It is not yet clear how long the shut down is expected to last. 

Colonial has not provided a timeline for a full restart of the 5,500 mile system, which moves more than 2.5 million barrels per day of gasoline, diesel and jet fuel - supplying motorists and major airports. 

The American Automobile Association said on Monday that gas prices were already starting to spike and are only excepted to surge further as a result of the Colonial shutdown.  

'This shutdown will have implications on both gasoline supply and prices, but the impact will vary regionally. Areas including Mississippi, Tennessee and the east coast from Georgia into Delaware are most likely to experience limited fuel availability and price increases, as early as this week,' an AAA spokesperson said.

'These states may see prices increase three to seven cents this week.' 

The fuel pipeline operator said on Sunday it had restarted some smaller lines between fuel terminals and customer delivery points but its main lines remained shut. 

'We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,' the company said.   

Experts are saying that gasoline prices are unlikely to be significantly affected and there will not be a lasting impact if the pipeline is back to normal within five days. 

If it lasts anywhere between six to 10 days, Wells Fargo analyst Roger Read warned gas prices will continue to spike along the East Coast and spot shortages will start in the Southeast. 

Anymore than 10 days offline will result in 'significant fuel shortages' in the Southeast, according to Wells Fargo. 

As the shutdown entered its fourth day, the Department of Transportation issued an emergency declaration for 17 states and the District of Columbia to help keep fuel supply lines open and the White House organized a federal task force to assess the impact and avoid more severe disruptions.  

+5

Experts are saying that gasoline prices are unlikely to be affected and there will not be a lasting impact if the pipeline is back to normal within five days. Anymore than 10 days offline will result in 'significant fuel shortages' in the Southeast

+5

Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday before demanding a ransom. Colonial, which is based in Georgia, has not yet said whether it has paid or is negotiating a ransom with the hackers

The regional emergency declaration relaxes hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in the effected states.

It lets them work extra or more flexible hours to make up for any fuel shortage related to the pipeline outage. 

The Department of Transportation could take additional measures if the outage continues. 

The resulting shutdown has already disrupted fuel supply across the East Coast, triggered isolated sales restrictions at retail pumps and pushed benchmark gasoline prices to a three-year high. 

The line supplies jet fuel to major airports including the nation's busiest: Atlanta's Hartsfield-Jackson International. 

The airport expects the outage to be resolved before any impact on flights, a spokesman said.

An alternative, smaller conduit that serves the same region has already filled. Kinder Morgan Inc's 720,000-bpd fuel pipeline had been working with customers to take on additional volumes since Friday and reached full capacity for May on Sunday, a spokeswoman for the company told Reuters.

If the disruption stretches on, fuel suppliers would need to use trucks and rail to transport fuel to compensate.

'A Herculean effort would be needed from other sources to make up the shortfall (in the East Coast) if the pipeline disruption is prolonged,' RBC Capital Markets wrote in a note. 

A prolonged shutdown of the line, described as the 'jugular of infrastructure' by one analyst, would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to US consumers and the economy. 

Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks are 'what businesses now have to worry about' and that she will work 'very vigorously' with the Department of Homeland Security to address the problem, calling it a top priority for the administration.

'Unfortunately, these sorts of attacks are becoming more frequent,' she told CBS' Face the Nation. 'We have to work in partnership with business to secure networks to defend ourselves against these attacks.'

She said President Joe Biden had been briefed on the attack.

'It's an all-hands-on-deck effort right now,' Raimondo said. 'And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply.'

Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday before demanding a ransom. 

Experts said that the incident should serve as a wake-up call to companies about the vulnerabilities they face.  

Colonial said it immediately hired an outside cybersecurity firm to investigate the nature and scope of the attack and federal agencies have been called in to assist.  

DarkSide is considered the main suspect for the cyberextortion attack on the pipeline.   

It is among ransomware gangs that have 'professionalized' a criminal industry that has cost Western nations tens of billions of dollars in losses in the past three years. 

DarkSide first emerged in August 2020 and has used its ransomware on companies including CompuCom, an Office Depot subsidiary, as well as a Canadian division of rental car company Enterprise. 

DarkSide, which is believed to be based in Russia, cultivates a Robin Hood image of stealing from corporations and giving a cut to charity.

Hackers, like DarkSide, are essentially allowed to act without penalty in Russia given they never target the country or its allies. 

Cyber experts say Russia gives free reign to hackers who target Western countries. 

'Whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cybercrime,' said Dmitri Alperovitch, a co-founder of CrowdStrike.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets. 

Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network because some victims are loath to see sensitive information of theirs dumped online.  

+5

Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks are 'what businesses now have to worry about' and that she will work 'very vigorously' with the Department of Homeland Security to address the problem, calling it a top priority for the administration 

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners. 

According to data security firm Arete, DarkSide finds vulnerabilities in a network, gains access to administrator accounts and then harvests data from the victim's server and encrypts it.

The software leaves a ransom note text file with demands.

Ransoms average more than $6.5 million, Arete said, and the attacks lead to an average of five days of downtime for the business.  

Ransom software works by encrypting victims' data and typically hackers will then offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. 

If the victim resists, hackers threaten to leak confidential data in a bid to pile on the pressure.

DarkSide's site on the dark web hints at their hackers' past crimes with claims they previously made millions from extortion and that just because their software was new 'that does not mean that we have no experience and we came from nowhere'.

The site also features a Hall of Shame-style gallery of leaked data from victims who haven't paid up.

It advertises stolen documents from more than 80 companies across the US and Europe.

One of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc, which publicly disclosed a digital shakedown attempt affecting 'portions of its information technology systems' last month.

In some ways DarkSide is hard to distinguish from the increasingly crowded field of internet extortionists. Like many others it seems to spare Russian, Kazakh and Ukrainian-speaking companies, suggesting a link to the former Soviet republics.

It also has a public relations program, as others do, inviting journalists to check out its haul of leaked data and claiming to make anonymous donations to charity.