A criminal gang launches a ransomware attack against Colonial Pipeline. This shuts down gasoline deliveries to the entire East Coast of the United States for six days. Nope, not fiction. Real life. People ask why we tolerate cyberattacks like these. This is the wrong question. The right question is, why are our defenses so bad? This one was a giant inconvenience to millions of Americans and played out over a couple of weeks. The next one might be worse. Maybe we’ll finally open our eyes.
Wednesday, May 12, 2021, WCCO AM 830 with Cory Hepola
Friday, May 14, 2021, WCCO AM 830 with Cory Hepola
Sunday, May 16, 2021, AM1280 The Patriot with Brad Carlson
WCCO AM 830 with Cory Hepola, Wednesday, May 12, 2021; Colonial Pipeline Ransomware
Friday, May 14, 2021, after we learned Colonial paid a $5 million ransom
Previous WCCO Radio appearance
AM1280 The Patriot, with Brad Carlson, Sunday, May 16, 2021; Colonial Pipeline Ransomware and some 2020 election hangover
Here is a frame with the recording from the AM1280 The Patriot website. My portion starts around the 33 minute mark.
Previous AM1280 The Patriot appearance
Here is the FireEye blog about the DarkSide ransomware-as-a-service gang.
Colonial paid a $5 million ransom to its attackers for a decryption tool. But…
“Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.”
From the Bloomberg article linked above
Kim Zetter also has a couple of great articles from first-hand sources on her Zero Day blog.
- US Gov Issues Emergency Order While Colonial Pipeline Is Down
- Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption
In the wake of the Colonial Pipeline, Microsoft Exchange, SolarWinds, and thousands of other incidents, President Biden issued an executive order on May 12, 2021, with a goal to improve our nation’s cybersecurity. It calls for a standard incident response playbook, establishes a cybersecurity review board, encourages information sharing, and uses the Federal Government’s clout as a large customer to encourage suppliers to adopt best practices when building new versions of their software products.
Will the executive order make a difference? Maybe. It’s overdue. But dealing with the government often devolves into courting relationships instead of substance, and this well-intentioned order could fall victim to the same old good ol’ boy network.