Cyberattack Shuts Down a Critical Fuel Pipeline
A ransomware attack on Colonial Pipeline forced the company to shut down a vital fuel pipeline for five days. The pipeline running from Texas to New York was attacked by the hacker group, DarkSide.
It was one of the most visibly disruptive cybersecurity incidents in American history. The pipeline supplies almost half of the fuel on the U.S. East Coast. The governor of North Carolina declared a state of emergency due to the shortages. President Joe Biden said the country would locate and prosecute the attackers.
The attack triggered gas shortages and price hikes over several days across multiple states, including North Carolina, Virginia, South Carolina, Georgia, Alabama, and Florida. Colonial’s CEO admitted to paying the hackers a $4.4 million ransom.
Evidence including from DarkSide’s own statement suggested that this was an attack aimed at extortion as opposed to the destruction of critical infrastructure. Nevertheless, the incident will only increase concerns about an enemy state launching a similar attack on this and other critical infrastructure.
‘Catastrophic’ Ransomware Attack on Ireland’s Public Health Care System
Ireland’s Health Service Executive (HSE) was the target of what its head described as a “catastrophic,” “callous,” “stomach-churning” ransomware hack of its systems. The Irish prime minister referred to the attack as “heinous.”
It is considered the most significant cyberattack in the country’s history. The HSE is Ireland’s largest employer. It has a bigger annual budget than any other public sector body in the country.
The HSE shut down nearly all its systems after learning of the attack. Ireland’s COVID-19 vaccine portal had to be closed temporarily. The National Cyber Security Center identified the Russian-speaking “Wizard Spider” gang as the group behind the attack.
The ransomware attack caused numerous cancellations of outpatient services. Appointments in some areas fall by 80%. With the difficulty in accessing patient records, health workers had to turn to paper records as attempts at recovering the systems continue. While the systems were expected to be back up in a matter of days, system clean-up, recovery, and repair work are expected to run for weeks.
Officials described as credible the screenshots and files from the hack shared on the Dark Web. Criminals could use patient and medical data for fraud or as leverage for ransom demands. A ransom had been sought from the HSE but would not be paid as per government policy.
CNA Paid $40 Million Ransom to Hackers
CNA Financial Corp, one of the largest insurance companies in the U.S., reportedly paid $40 million to hackers in late March. The company made the payment in late March to regain control of its systems that had been paralyzed by a ransomware attack. The decision was made after employees were locked out of certain CNA systems.
If it happened, the ransom would be the largest known payment to hackers. Ransomware payments are rarely disclosed, so it is hard to know what is actual largest payout ever is. Either way, this is likely to be near the top.
A CNA spokesperson declined to comment on the ransom but said the company had followed all applicable laws, regulations, and guidelines. In an advisory last year, OFAC said facilitating ransom payments to hackers could attract sanctions. CNA said it had consulted and collaborated with the FBI and OFAC in handling the matter. The company did not believe the systems holding the majority of policyholder data were impacted.
Disclosure of the payout is bound to draw the wrath of regulators and lawmakers already displeased that U.S. companies were making substantial payouts to criminal hackers. A ransomware task force estimated that ransom payments in 2020 touched $350 million, more than four times the 2019 figure. This excludes the costs organizations incur due to downtime and recovery.
The FBI discourages the payment of ransom since it creates an incentive for future attacks and does not guarantee that data will be returned or that the information will not be later sold on the Dark Web.