Critical infrastructure entities warned to prepare for cyberattacks

The FBI and the Cybersecurity and Infrastructure Security Agency said Tuesday night that critical infrastructure entities should take immediate precautions in case cyber attackers target them next, following the Colonial Pipeline attack.

Federal officials urged those who operate critical infrastructure to “adopt a heightened state of awareness,” implement “robust segmentation” between information technology and operational technology networks, test manual controls, and ensure backups are isolated from network connections.

The FBI and CISA also warned those affected by ransomware attacks not to pay their attackers.

“CISA and the FBI do not encourage the payment of a ransom to criminal actors,” the agencies said in the joint cybersecurity advisory. “Paying a ransom can encourage adversaries to target additional organizations, encourage other criminal actors to participate in the distribution of ransomware, and/or it can fund illicit activities. Paying the ransom also does not guarantee that the victim’s files will be recovered.”

Colonial Pipeline, which has said it provides nearly half of all the fuel consumed on the East Coast, suffered a ransomware attack, which involved malicious software that restricts access to data and systems until victims pay attackers in exchange for the material held hostage.

Federal officials also provided additional details about the DarkSide ransomware that the FBI previously announced was used in the cyberattack against the pipeline. The joint notice said that since August 2020 DarkSide actors have been targeting “multiple large, high-income organizations” that may pay large ransoms rather than other targets such as hospitals, schools, nonprofits and governments.

“After gaining initial access to the pipeline company’s network, DarkSide actors deployed DarkSide ransomware against the company’s IT network,” the joint notice said. “In response to the cyberattack, the company reported that they proactively disconnected certain [operational technology] systems to ensure the security of the systems. At this time, there is no indication that the threat actor has moved laterally to [operational technology] systems.”

Colonial Pipeline said Saturday it proactively shut down systems to contain the threat, which included temporarily halting all pipeline operations.

On Tuesday night, Colonial Pipeline said it was working with the Department of Energy to prioritize supplying fuel to markets experiencing “supply constraints.”

“Since our pipeline system went offline, working with our carriers, Colonial has delivered approximately 967,000 barrels (~41 million gallons) to various delivery points throughout our system,” Colonial Pipeline said in a statement. “This includes delivery to the following markets: Atlanta, Ga., Belton and Spartanburg, SC, Charlotte and Greensboro, NC, Baltimore, Md., and Woodbury and Linden, NJ. Additionally, in preparation for our system reboot, we have received an additional 2 million barrels (~84 million gallons) from refineries for deployment upon reboot.”

Before Colonial Pipeline systems are fully restored, East Coast travelers are expected to notice a change in gas prices. Earlier this week, the American Automobile Association predicted that the pipeline disruption would exacerbate already rising gasoline prices.

Colonial Pipeline’s corporate website also went down earlier on Tuesday, but the company said on Twitter that the service outage was not related to the ransomware cyberattack.
