
Hacking group behind the cyberattack on a key US fuel pipeline is said to be disbanding

Dominic-Madori Davis

Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack Reuters

DarkSide, the ransomware group that attacked Colonial Pipeline last week, sending gasoline prices soaring, is reportedly shutting down, per a new report by the Wall Street Journal.

Citing sources who work in security, the Journal says DarkSide told associates it no longer has access to its servers and pointed to disruptions caused by a law-enforcement agency and pressure from the United States. The website associated with DarkSide was no longer active as of Thursday.

The group said it lost access shortly after President Joe Biden said: "We have been in direct communications with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks. We're also going to pursue a measure to disrupt their ability to operate."

Biden said there wasn't any evidence the Russian government was behind the attack, but those involved "are living in Russia." The Journal, alongside the website Oil Price, says it's possible the US successfully disrupted the hackers.

The announcement of its shutdown could also be a cover, however, in which the hackers shut themselves down and take all the money. In fact, the Journal reports, it's not uncommon for ransomware groups to disband only to reappear later under different names.

DarkSide made headlines this week for attacking Colonial Pipeline, which operates the country's largest refined products pipeline and supplies 45% of all fuel consumed on the East Coast. After news of the attack spread, people began panic-buying gasoline, which sent gas prices soaring to over $3 for the first time since 2014.

Per those familiar with the matter, Colonial Pipeline is said to have paid nearly $5 million to the hackers in order to free the pipeline. The pipeline shut down on May 7 and was restarted on Wednesday. As of Saturday morning, operations have returned to normal, the company announced via Twitter.

Ransomware made over $400 million last year and has been emerging as a profitable criminal business, according to blockchain research firm Chainalysis Inc. Security researchers told the Journal that DarkSide had become prominent within the world of ransomware. Within its first seven months of operation, the group made at least $60 million, $46 million of which came in the first quarter of this year, Chainalysis Inc. found.

Read the original article on Business Insider
