Ransomware Attack Forces State of Emergency in the US

Published · May 12, 2021

The US Federal Motor Carrier Safety Administration (FMCSA) issued a state of emergency in 17 states yesterday. It now allows alternative modes of transporting gas and other petroleum-derived fuels to mitigate shortages caused by recent ransomware attacks.

Colonial Pipeline issued a statement on Friday that it was halting all pipeline operations. This effectively cut off the supply lines carrying about 45% of the East Coast’s fuel supply. The decision was forced by a ransomware infection that had impacted the majority of the operator’s IT systems.

The halt was initially not projected to affect fuel prices. However, with the shutdown dragging into its fourth day and Colonial Pipeline only restoring minor fuel routes, prices have risen by as much as 4% in some areas.

DarkSide, a Russian ransomware group, has claimed responsibility for the attacks.

The group is a relatively new player in malware, operating under a Ransomware-as-a-Service model.

In other words, the group is responsible for maintaining the ransomware and negotiating payment, while affiliates disseminate the ransomware and take a portion of the proceeds.

The model has proved incredibly effective, turning practically any disgruntled employee into a potential spreader of malware, especially for companies that don’t run proper background checks.

DarkSide has already gained a reputation for running a tight ship. It has a dark website with frequent activity updates, as well as data on everything it has collected. The organization even runs a full helpdesk to negotiate with victims, which has led several experts to dub the service “Ransomware-as-a-Company.”

DarkSide goes as far as styling itself as the Robin Hood of ransomware, upholding a strict code of conduct by not attacking organizations like hospitals or funeral homes. Instead, it goes after the industrial sector, which also happens to be a more profitable target.

The group is known for donating a portion of its bounty to charities.

The hackers issued an apology for the social consequences of the attack, promising to vet the organizations they attack more carefully in the future. The apology on DarkSide’s site stated, “Our goal is to make money and not creating problems for society.”

The statement elicited little sympathy from either security experts or regular citizens.

It remains to be seen if Colonial Pipeline will bring its systems online fast enough to avoid further price hikes. What the recent attacks certainly indicate, however, is that companies globally need to implement radical measures to prevent future incidents.

If you run your own organization, no matter how large or small, consider closely monitoring your network, having security systems in place, and running frequent data backups or disaster recovery.

Individuals should consider at least antivirus protection for their computer, if not anti-identity theft tools and VPNs as well. It’s now more important than ever to stay safe.

Branko Krstic

Branko is a round-the-clock tech geek and loving it. His ideal vacation destination is the Akihabara District (or really any place he can take his computer). If there’s a server out there, count on him to find out what it’s made of… and tell you all about it.