Colonial Pipeline Archives – Gridinsoft Blog Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Wed, 12 Jan 2022 16:14:32 +0000 en-US hourly 1 https://wordpress.org/?v=94173 200474804 Colonial Pipeline CEO Confirms that Company Paid Criminals $4.4M https://gridinsoft.com/blogs/colonial-pipeline-paid-criminals/ https://gridinsoft.com/blogs/colonial-pipeline-paid-criminals/#respond Wed, 19 May 2021 21:42:55 +0000 https://blog.gridinsoft.com/?p=5487 The head of Colonial Pipeline confirmed that the company paid the criminals a ransom after the largest pipeline operator in the United States suffered from the DarkSide ransomware attack in mid-May 2021. The attack caused problems with the supply of gasoline, diesel fuel, aviation fuel, and other refined products, and an emergency regime was introduced… Continue reading Colonial Pipeline CEO Confirms that Company Paid Criminals $4.4M

The post Colonial Pipeline CEO Confirms that Company Paid Criminals $4.4M appeared first on Gridinsoft Blog.

]]>
The head of Colonial Pipeline confirmed that the company paid the criminals a ransom after the largest pipeline operator in the United States suffered from the DarkSide ransomware attack in mid-May 2021.

The attack caused problems with the supply of gasoline, diesel fuel, aviation fuel, and other refined products, and an emergency regime was introduced in a number of states.

The incident forced Colonial Pipeline to temporarily suspend operations, and the company is transporting petroleum products between refineries located on the Gulf Coast and markets in the south and east of the United States. The company’s 5,500-mile pipeline carries up to 2,500,000 barrels per day, roughly 45% of all fuel consumed on the US East Coast.

At the end of last week, Bloomberg, citing its own anonymous sources, reported that the company had paid a ransom of $5,000,000 to the ransomware operators. Although the Washington Post and Reuters previously wrote that the company did not intend to negotiate with the attackers, Bloomberg said that this information was not true.

Almost at the same time as this announcement, Colonial Pipeline was indeed able to restore its pipeline to normal operation, and supplies of petroleum products were resumed to normal volumes.the media noted.

Colonial Pipeline CEO Joseph Blount officially confirmed to Wall Street Journal reporters today that the company paid the cybercriminals a ransom of $4.4 million in bitcoins. According to him, it was necessary to recover as quickly as possible from the ransomware attack, which had an impact on critical energy infrastructure. Blount calls the ransom payment “the right thing to do” for the country.

I know this is a very controversial decision. It was not easy for me to do it. I confess it was uncomfortable to see how money goes to such people.said Blount, saying that the ransom was paid back on May 7.

In the end, the company did receive a tool for decrypting data, but, as previously reported, it worked so slowly that in the end, the company’s specialists were forced to continue the previously started recovery of systems from backups.

Let me remind you that After the sensational cyberattack on the American fuel giant Colonial Pipeline, experts proposed a kind of “vaccine” against Russian hackers.

The post Colonial Pipeline CEO Confirms that Company Paid Criminals $4.4M appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/colonial-pipeline-paid-criminals/feed/ 0 5487
Cyrillic on the keyboard may become a “vaccine” against Russian hackers https://gridinsoft.com/blogs/vaccine-against-russian-hackers/ https://gridinsoft.com/blogs/vaccine-against-russian-hackers/#respond Tue, 18 May 2021 16:08:54 +0000 https://blog.gridinsoft.com/?p=5482 After the sensational cyberattack on the American fuel giant Colonial Pipeline, experts proposed a kind of “vaccine” against Russian hackers. The cybercriminal group DarkSide behind the attack on the Colonial Pipeline hastened to disown any political motives. According to the hackers, they are apolitical and “do not participate in geopolitics.” However, according to journalist Brian… Continue reading Cyrillic on the keyboard may become a “vaccine” against Russian hackers

The post Cyrillic on the keyboard may become a “vaccine” against Russian hackers appeared first on Gridinsoft Blog.

]]>
After the sensational cyberattack on the American fuel giant Colonial Pipeline, experts proposed a kind of “vaccine” against Russian hackers.

The cybercriminal group DarkSide behind the attack on the Colonial Pipeline hastened to disown any political motives.

According to the hackers, they are apolitical and “do not participate in geopolitics.” However, according to journalist Brian Krebs, the cybercriminals’ statement is not true.

Here’s the thing: digital ransomware groups like DarkSide are very concerned about making their entire platform geopolitical because their malware is specifically designed to work only in certain parts of the world.Krebs writes.

According to the journalist, similarly to other ransomware programs, DarkSide contains an embedded list of countries in which it does not infect computer systems. As a rule, this list includes the countries of the former USSR and the CIS countries. In particular, the DarkSide list includes: Azerbaijan, Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Russia, Romania, Syria, Turkmenistan, Tajikistan, Tatarstan, Ukraine and Uzbekistan.

Before installing on a system, the malware checks for the presence of the language of the country from the list and, if it is detected, is not installed.

Cybercriminals are known to react quickly to defenses that reduce their profitability, so why don’t the bad guys just make a difference and start ignoring language checks? Well, they certainly can and maybe even will (the latest version of DarkSide analyzed by Mandiant does not check the system language).the journalist said.

However, the refuse from language check increases the security risk of cybercriminals themselves and reduces profits, explained the chief researcher of the New York-based information security company Unit221B Allison Nixon.

Because of Russia’s “unique legal culture”, Nixon said, Russian cybercriminals use language tests to make sure their victims are abroad.

They do it for legal protection. Installing a Cyrillic keyboard or changing a specific registry entry to “RU”, etc., may be enough to convince malware that you are Russian. Technically, this can be used as a “vaccine” against Russian malware.Nixon explained.

Does this mean that installing the Russian layout will one hundred percent secure the system from hackers? Not. There are many groups in the cybercriminal world that, unlike DarkSide, don’t care about the victims of their attacks. Changing language settings cannot replace cyber hygiene and cybersecurity best practices, Krebs emphasizes. However, the expert sees no reason why not to try such simple preventive way to keep yourself safe.

The worst thing that can happen is that you accidentally switch language settings, and all your menu items will be in Russian.writes Krebs.

Let me remind you that I also wrote that NATO experimented with deceptive techniques to combat Russian hackers.

The post Cyrillic on the keyboard may become a “vaccine” against Russian hackers appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/vaccine-against-russian-hackers/feed/ 0 5482