Ransomware: Nothing New To See Here

The Wall Street Journal reports on the malware attack that shut down the Colonial pipeline late last week:

While ransomware has been a challenge for small businesses for years, a confluence of factors have emboldened attackers in the past year, culminating in the shutdown Friday of a critical gasoline pipeline to the U.S. East Coast. The pipeline’s operator, Colonial Pipeline Co., now says service could be offline until week’s end, threatening to raise prices at the pump for millions of Americans.

How soon we forget. The NotPetya malware attack happened four years ago and shut down operations at the Maersk shipping line for more than two weeks. Adam Banks, head of technology at Maersk, describes what happened:

Two years on, Banks is willing to outline the scale of the destruction he encountered as what later became known as the NotPetya malware took hold and the company’s operations ground to a halt. “All end-user devices, including 49,000 laptops and print capability, were destroyed,” he says. “All of our 1,200 applications were inaccessible and approximately 1,000 were destroyed. Data was preserved on back-ups but the applications themselves couldn’t be restored from those as they would immediately have been re-infected. Around 3,500 of our 6,200 servers were destroyed — and again they couldn’t be reinstalled.”

The cyber-attack also hit communications. All fixed line phones were inoperable due to the network damage and, because they'd been synchronized with Outlook, all contacts had been wiped from mobiles — severely hampering any kind of coordinated response.

....Banks is candid about the breadth of the impact: “There was 100% destruction of anything based on Microsoft that was attached to the network.”

Maersk was able to recover only thanks to a wild bit of good luck: an uninfected directory file from their office in Nigeria. Even at that, though, the effect on shipping was a hundred times greater than the Suez Canal blockage earlier this year, and the damage to Maersk clocked in at about $300 million.

The NotPetya attack also hit WPP, Merck, Rosneft, Saint-Gobain, DHL, Cadbury's, JNPT, FedEx, and others. Total damage has been estimated at around $10 billion.

Technically, NotPetya wasn't a ransomware attack because the payload had been altered so that the files it encrypted couldn't be decrypted at all by anyone. But that's a tiny difference. We've known for a long time just how destructive this stuff can be on both small companies and the largest of multinational corporations. Nothing that happened this year taught us anything new.

27 thoughts on “Ransomware: Nothing New To See Here”

  1. Mitchell Young

    "Maersk was able to recover only thanks to a wild bit of good luck: an uninfected directory file from their office in Nigeria."

    LOL. Talk about irony.

    1. MontyTheClipArtMongoose

      One of the sithole countries your Leader Supreme at Maralago condemned as contributing to the downfall of society.

    2. Larry Jones

      @Mitchell Young
      It appears your early trolling here was not getting the desired results, as your comments drift into more and more xenophobic, racist territory. Any day I expect you'll be telling Michelle Obama to go back where she came from.

  2. kenalovell

    There's not a lot governments can do. Hopefully insurers are revising policies so their clients are only covered against these kinds of attacks if they have implemented comprehensive cyber security measures.

    1. Loxley

      This situation is no different than state-sponsored terrorism. Would you take the same position there, that putting pressure on the sponsoring state is a waste of time?

    2. HokieAnnie

      Nope, absolutely not! We cannot go on being at the mercy of the hackers. They went a bridge too far this time. What next, hacking our electrical grid or water supplies?

      We have to work to put Putin in his place; he is too emboldened by the success he had with the Trumpies. Putin needs to learn that he cannot let the hackers wreak havoc on the rest of the world.

      1. painedumonde

        I don't know if this was Russian as a state action. Anyway, I'm with you. But I'm also of the thought that if payment is made and the hostage isn't released, then the tactic may never work again. Especially since this is now MSM. But I'm also thinking about a single mom trying to get to work in her beat up Corolla spending bucks she doesn't have to get to a shitty job to feed the kiddies in daycare and make rent.

        If it's really a warlike action, then fine play it like that. But I think it's truly a shakedown. This is the normal, and it's been like that, as the Blogger has stated, for a while - just not as slick.

        1. HokieAnnie

          Whether or not it's a state action, nothing happens in Russia without Putin's okay, so he's let the ransomware groups flourish in his own country. For all we know Putin gets a cut of the action to make it worth his while to allow them to operate in Russia.

          Russia should be punished for doing nothing to crack down on those gangs.

  3. Salamander

    Code and tactics pioneered by wealth-seeking criminals can easily be weaponized. Why not let the creativity of cybercrooks feed into your own cyberwarfare programs? If you can shut down a pipeline vital to the half of the country where the government lives ... well, that whiz bang super fighter jet that cost so much won't do them much good.

    Add to this, it's difficult and often uncertain to trace back where a cyberattack came from. It's easy to spoof. Cyberforensics takes time.

    Cheap and incredibly effective. We're looking at the superweapon of the future. And it will always be thus, as long as we insist on crappy, insecure software and o/s that require constant patching to fix stuff that shouldn't have been built in, in the first place.

    Thanks a lot, Mr. Gates.

    1. Larry Jones

      @Salamander
      Gates left Microsoft before the release of Windows 7, 8, 8.1 and 10. Plenty of insecure design and blame to go around, but can't pin it all on Bill Gates.

      1. Loxley

        Sure we can. He is the one who ILLEGALLY created the largest monopoly on Planet Earth (94% of business systems run Microsoft) and got away with it.

  4. KenSchulz

    >Nothing that happened this year taught us anything new.
    Because software companies as policy discourage learning from their mistakes. I can’t count the number of times I’ve encountered some problem with software, looked it up on teh gooogle, and found that people have been complaining about the same problem for five or ten years. Over the decades that I have owned cars, quality and reliability have improved by orders of magnitude, because the competition had adopted the ‘continuous improvement process’ and was kicking the domestic makers’ butts. The software duopoly clearly doesn’t have sufficient incentives to fix smaller issues, thereby denying themselves the opportunity to learn from them how to improve processes and outcomes, lessons which could be applied to the bigger issues of security.
    That said, end users know that the software they are buying has recurring security issues, and should be taking their own precautions.

  5. D_Ohrk_E1

    It's no easy task to change network architecture, implement new security protocols, and change end-user habits.

    You build separate, air-gapped networks with remote redundancy and separate access privileges, using a 512-bit USB key to log in.

    And then one day some worker complains about his computer acting weird, and a lazy admin logs in remotely while attached to one network, to inspect the computer. In a matter of seconds, shit goes down and the admin asks the worker, "Did you open a file from an email?"

    Too late.

  6. Doctor Jay

    I wouldn't blame Bill Gates for this situation. Computers do so much to improve our day-to-day lives that they were going to happen even if Bill had decided to go into law like his father.

    I remember typing papers for college classes. On a typewriter. I'm not that old.

    I remember not knowing my father had gone into the hospital with a kidney infection because I was away at camp and there wasn't any mobile network/phones to reach me with.

    I remember wondering stuff like "who was in Footloose besides Kevin Bacon?" and not being able to look it up instantly.

    I'm sure the schedules and contracts of shipping companies were very different before there were computers and the internet. I don't think there's a lot of people who want to go back.

    Now I'm a bit sensitive about this because I spent my whole adult life working in this industry with the belief that I was making life better.

    I still believe that, but every silver lining has a bit of dark cloud that comes along with it. In this case, a DarkSide.

    1. bigcrouton

      Most everyone likes the conveniences that our ultra-connected tech world brings. But, respectfully, your list of conveniences seems puny compared to the dangers and economic disruptions caused by hackers getting into critical infrastructure. As someone who has worked in the industry, what fixes can you propose, or are we just doomed to bleed and mend, bleed and mend?

  7. bigcrouton

    Kevin says this is nothing new, and we should have seen it coming. Okay, but what does he suggest we do? I'm seriously concerned about our adversaries being able to offer $50,000 bonuses to hackers who break into our billion dollar critical infrastructure systems. What are the practical, doable things we can do to fix this problem, because it sure seems like the black hats are many steps ahead of the white hats.

    1. Larry Jones

      Since improving our own security seems to be so hard, I suppose one of the things we could do is counterattack. If the lights go out in the Kremlin for a week or two, maybe Putin will get the message and we can start a new round of M.A.D. On the plus side, military budgets will balloon, the only money everyone in Congress agrees is well-spent. I kind of miss those "drop and cover" drills...

  8. J. Frank Parnell

    I don't get it. Not a geek, but is it really that hard to maintain a full backup off line so you can just wipe the memory and reload from scratch?

    1. D_Ohrk_E1

      Sometimes it's not that you had an offline backup copy; it's that the offline backup copy was already compromised because it was a copy of an already compromised network with active infection, but you didn't know about it until the hacker(s) triggered a catastrophic event.

  9. KawSunflower

    And today's news includes the release of more personal information about Washington, DC police officers by hackers. Those who think that there is no need to spend money on this problem, and that it isn't part of modern infrastructure, are simply wrong.

  10. ProgressOne

    It seems to me the federal government needs to get serious about going after these hackers. They are thieves and are like terrorists. State action is needed.

    If there is anything we need to spend more money on, it's going after internet crooks. That includes everything from spammers fooling people to get money to the attack on Colonial pipeline.

  11. robertnill

    I got caught up in the NotPetya attack, and was lucky. I'd taken my laptop home, and came in early - only to run into one of our HR people who said "Don't plug in your computer." We then posted signs at the doors into our office off the elevator lobby. But we all still had to get every one of our 800+ computers in my office location checked before we could return to normal.