A ransomware attack, carried out with tools supplied by the ransomware-as-a-service (RaaS) group DarkSide, has forced the Colonial Pipeline offline. Whoa, a lot of big words there. Let’s break down the situation.
The Colonial Pipeline is one of the biggest fuel pipelines in the US. It runs about 5,500 miles from Texas to New Jersey, carries around 2.5 million barrels of fuel every day, and supplies roughly 45% of the East Coast’s fuel. That is the pipeline that just got cyber-hacked, big time.
A pipeline isn’t just pipes and black liquid. It’s actually highly digitalised. There is a lot of operational technology (OT) involved: sensors, valves and pumps that control the flow of fuel as it travels for thousands of miles, plus the industrial control software and internal networks that run them.
According to Colonial, the ransomware hit its corporate IT network; there is no public evidence that the attackers got into the OT systems that physically run the pipeline. Colonial still halted all pipeline operations, as a precaution, so that the infection could not spread from the IT side into the control systems. The extortion itself is the usual two-pronged ransomware threat: the data on the infected computers stays encrypted unless a ransom is paid, and the data the attackers copied out beforehand gets leaked to the internet if it isn’t. In today’s world, data is the new oil, and the hackers seem to agree, because pipeline data is what’s held hostage. It’s not clear yet what they’re demanding in return. Probably a lump sum? They’re estimated to have stolen nearly 100 gigabytes of data!
Running the pipeline while the attackers might still be inside the systems would be like an assassin crew carrying on with orders from whoever has kidnapped their boss. It wouldn’t have been a good idea to continue operations. So they shut down the entire pipeline. It has been shut down since Friday, with no restart date announced. If it doesn’t reopen soon, it’s going to cause some serious problems.
It will directly affect the supply of petrol. People are filling up their tanks in anticipation of a possible shortage, which has already left some petrol stations out of fuel, and it has already started pushing up the price. The national average for a gallon was $2.985 on Tuesday, pennies away from its highest price since 2014! As the BBC reported: “Unless they sort it out by Tuesday, they’re in big trouble,” said Gaurav Sharma, an independent oil market analyst. “The first areas to be hit would be Atlanta and Tennessee, then the domino effect goes up to New York.”

Apart from this, it could also affect fuel production. Colonial carries refined products (petrol, diesel, jet fuel) from refineries on the Gulf Coast, and that fuel has to be transported in order to be used. With the pipeline shut, there’s no way for that to happen. Of course, the refineries have tanks to store the fuel in, but those are limited too. If the pipeline doesn’t open up soon, they’ll run out of storage, which inevitably means cutting or halting production. Restarting refinery units can be extremely expensive and time consuming.
The tools came from the cyber-crime group DarkSide, which follows the ransomware-as-a-service model. RaaS is a subscription-style model in which “affiliates” get to execute ransomware attacks, like this one, using ransomware tools, payment portals and leak sites developed and operated by the provider (DarkSide in this case), with the provider taking a cut of every ransom. This means DarkSide itself didn’t necessarily hack into Colonial; someone used tools developed by DarkSide to execute this attack. It’s like a darker version of Software-as-a-Service. RaaS is Dru from Despicable Me, and SaaS is Gru!
Wait, this gets more interesting. DarkSide apologised for creating societal havoc! They clarified that they are an apolitical organisation who stay away from geopolitics. They only care about them dollars🤑🤑. After this incident, they have also introduced “moderation” checks, so that each affiliate’s target is vetted and their tools aren’t used in ways that cause social unrest. In the past, the group has claimed to donate ransom money to charities!!
As CNBC reported: “Cybereason found that the group is highly professional, offering a help desk and call in phone number for victims, and has already published confidential data on more than 40 victims. It maintains a website called ‘DarkSide Leaks’ that’s modeled on WikiLeaks where the hackers post the private data of companies that they’ve stolen.”

The next few days will be interesting, as we see how Colonial manages this crisis: whether they pay up, or are able to restore their systems without paying. It will have far reaching implications for most industries. With controls increasingly run by software over connected networks, we expect the frequency and severity of ransomware attacks to go up. The only sure way to avoid these attacks is to go off the internet entirely, but that is not feasible in an increasingly interconnected world. The ransomware saga has just begun…
UPDATE (5th June, 2021):
Colonial paid a ransom of about $4.4 million in Bitcoin to get its systems back. (The attackers are probably not so happy now that the value of Bitcoin is falling…)
Also, JBS, the world’s largest meat producer, was forced to shut down all its US beef plants after a cyberattack. JBS supplies nearly a quarter of America’s meat, and someone took their systems for ransom. AGAIN! This time the FBI has publicly blamed a Russia-based hacking group called REvil.
The hackers are smart. They take payment in Bitcoin and other crypto because, although the transactions are public, the wallets are pseudonymous, so tracing the money back to a person takes sophisticated government intelligence work. And since data is the new oil, companies pay to get their systems and data back. By doing so they are unwittingly funding more ransomware-as-a-service attacks in the future.
And this is hardly the last of such attacks!