Ukraine hit by cyberattack hours after talks wrapped up with “no breakthrough”

Matthew 24:6 You will hear of wars and rumors of wars, but see to it that you are not alarmed. Such things must happen, but the end is still to come.

Important Takeaways:

  • ‘Be afraid’: Ukraine hit by cyberattack as Russia moves more troops
  • Kyiv says around 70 government sites hit by cyberattack
  • Ukraine was hit by a cyberattack splashing a warning across government websites to “be afraid and expect the worst,” while Russia, which has amassed 100,000 troops on its neighbor’s frontier, released pictures of more of its forces on the move.
  • “Drumbeat of war is sounding loud” says U.S. diplomat
  • Moscow says it could take military action unless demands met
  • NATO says it will sign cyber cooperation pact with Kyiv
  • The cyber-attack unfolded hours after talks wrapped up with no breakthrough between Russia and Western allies

U.S. charges Ukrainian, Russian, over cyberattack, seizes $6 million in ransom payments

By Mark Hosenball and Kanishka Singh

(Reuters) - The U.S. Justice Department has charged a suspect from Ukraine and a Russian national over a July ransomware attack on an American company, according to indictments made in court filings on Monday, with CNN reporting the United States has seized $6 million in ransom payments.

Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, will face U.S. charges for deploying ransomware known as REvil, which has been used in hacks that have cost U.S. firms millions of dollars, the court filing showed.

Vasinskyi conducted a ransomware attack over the July 4 weekend on Florida-based software firm Kaseya that infected up to 1,500 businesses around the world, according to the charges filed in the U.S. District Court for the Northern District of Texas.

Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, were charged by the United States with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges.

The Treasury Department also said the two operatives face sanctions for their role in ransomware incidents in the United States, as well as a virtual currency exchange called Chatex “for facilitating financial transactions for ransomware actors.”

The Treasury said the two individuals received more than $200 million in ransom payments paid in Bitcoin and Monero. It added that Latvian and Estonian government agencies were vital to the investigation.

Vasinskyi, 22, was being held in Poland pending U.S. extradition proceedings, while Polyanin, 28, remained at large.

The U.S. indictment of the Ukrainian hacker said he and other conspirators started deploying hacking software around April 2019 and “regularly” updated and refined it. The indictment also accused the hacker of laundering money obtained through a hacking extortion scheme.

Europol said earlier on Monday that Romanian authorities on Nov. 4 arrested two individuals suspected of cyber-attacks deploying the REvil ransomware. Since February, law enforcement authorities have arrested three other affiliates of REvil, Europol added.

Twelve suspects believed to have mounted ransomware attacks against companies or infrastructure in 71 countries were “targeted” in raids in Ukraine and Switzerland, Europol said on Friday.

(Reporting by Mark Hosenball in Washington and Kanishka Singh in Bengaluru; Editing by Dan Grebler)

U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) - Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)

Meatpacker JBS says it paid equivalent of $11 million in ransomware attack

(Reuters) - Meatpacker JBS USA paid a ransom equivalent to $11 million following a cyberattack that disrupted its North American and Australian operations, the company’s CEO said in a statement on Wednesday.

The subsidiary of Brazilian firm JBS SA halted cattle slaughtering at all of its U.S. plants for a day last week in response to the cyberattack, which threatened to disrupt food supply chains and further inflate already high food prices.

The cyberattack followed one last month on Colonial Pipeline, the largest fuel pipeline in the United States. It disrupted fuel delivery for several days in the U.S. Southeast.

Ransom software works by encrypting victims’ data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars. The FBI said earlier this month that the agency was investigating about 100 different types of ransomware.

The JBS meat plants, producing nearly a quarter of America’s beef, recovered faster than some meat buyers and analysts expected.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA on the ransom payment. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The Brazilian meatpacker’s arm in the United States and Pilgrims Pride Corp, a U.S. chicken company mostly owned by JBS, lost less than one day’s worth of food production. JBS is the world’s largest meat producer.

Third parties are carrying out forensic investigations and no final determinations have been made, JBS said. Preliminary probe results show no company, customer or employee data was compromised in the attack, it said.

A Russia-linked hacking group is behind the cyberattack against JBS, a source familiar with the matter said last week. The Russia-linked cyber gang goes by the name REvil and Sodinokibi, the source said.

A JBS spokesperson said the ransom payment was made in bitcoin.

The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the attack.

(Reporting by Aishwarya Nair and Kanishka Singh in Bengaluru; Editing by Grant McCool and Christopher Cushing)

Colonial Pipeline hit by network outage just days after hack shutdown

By Stephanie Kelly, Laura Sanicola and Jessica Resnick-Ault

NEW YORK (Reuters) – Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation’s biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week’s closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries – which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial’s shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

As of Tuesday, more than 10,600 filling stations were still without fuel, according to tracking firm GasBuddy, down from more than 16,000 at the peak last week.

In North Carolina, one of the hardest-hit states, gas outages dropped below 50% on Tuesday, GasBuddy said. South Carolina, Virginia and Georgia all also had outages below 50%.

About 70% of gas stations in Washington, D.C., were still without fuel, down from around 90% over the weekend.

“The number of stations without gasoline is likely to drop under 10,000 today,” said GasBuddy’s Patrick De Haan on Tuesday.

(Reporting By Stephanie Kelly, Laura Sanicola, Jessica Resnick-Ault and Devika Krishna Kumar; Editing by Franklin Paul, Chizu Nomiyama and Marguerita Choy)

U.S. gas stations still shut, prices at 7-yr high in slow recovery from cyberattack

By Stephanie Kelly

NEW YORK (Reuters) - U.S. retail gasoline prices hit seven-year highs on Monday and many filling stations in the Southeast were still without fuel, as the region slowly recovers from a cyberattack on the nation’s largest fuel pipeline.

Last week’s closure of Colonial Pipeline’s 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast. That alarmed drivers, who took to gas stations to fill tanks and jerry cans.

Last week more than 15,000 gas stations were without fuel. Some stations have since been supplied with Colonial once again open. On Monday, 11,667 stations were without fuel, down from 12,466 stations the day before, according to tracking firm GasBuddy.

The closure came just ahead of the Memorial Day holiday weekend at the end of May, the traditional start of peak-demand summer driving season.

The Southeast bore the brunt of the outage, as the region is almost entirely without refineries. Panic buying caused 90% of fuel stations in Washington, D.C. to run out; as of Monday, that figure had dropped to 69%. Outages in North Carolina fell to just over 50%, while outages in South Carolina, Georgia and Virginia were under 50%, GasBuddy said.

The national gas price on Monday rose to $3.045 a gallon, the highest since October 2014, according to data from the American Automobile Association.

“The Southeast will continue to experience tight supply this week as terminals and gas stations are refueled,” said AAA spokesperson Jeanette McGee. “Over the weekend, gas prices started to stabilize, but are expected to fluctuate in the lead up to Memorial Day weekend.”

North Carolina saw an average price increase of 20 cents per gallon from the previous week, according to tracking firm GasBuddy on Monday.

South Carolina, Virginia and Georgia all saw price increases of just under 20 cents per gallon.

Some drivers in the region canceled trips to avoid using their gas supply. Traffic congestion in cities such as Richmond, Virginia; Atlanta; Greenville, South Carolina; and Charlotte and Raleigh, North Carolina fell last week from the week prior, according to Carol Hansen at location technology company TomTom.

Alpharetta, Georgia-based Colonial is currently shipping at normal rates, though it will take some time for the supply chain to fully catch up, Colonial spokesman Eric Abercrombie said in an email over the weekend.

The company began resuming its regular nomination process on Monday to allocate capacity to companies that use the line.

DarkSide, the group blamed for attacking Colonial Pipeline systems, has said it recently hacked four other companies. A website it used to communicate went dark last week.

Websites tied to two other ransomware groups not connected to the Colonial hack also were unreachable in a likely retreat amid the hunt for perpetrators, Allan Liska, a researcher with cybersecurity firm Recorded Future, said on Sunday.

(Reporting by Stephanie Kelly; Editing by Marguerita Choy)

U.S. capital running out of gas, even as Colonial Pipeline recovers

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) - The U.S. capital was running out of gasoline on Friday even as the top U.S. fuel pipeline ramped up deliveries following a cyberattack and Washington officials assured motorists that supplies would return to normal soon.

The six-day Colonial Pipeline shutdown was the most disruptive cyberattack on record, which underscored the vulnerability of vital U.S. infrastructure to cybercriminals.

Widespread panic buying continued two days after the nation’s largest fuel pipeline network restarted, leaving filling stations across the U.S. Southeast out of gas even in areas far from the pipeline.

U.S. pump prices are at their highest in years, just two weeks before the peak summer driving season kicks off and as traffic continues to recover from mobility restrictions during the Covid-19 pandemic. The average national gasoline price has climbed to almost $3.04, the most expensive since October 2014, the American Automobile Association said.

On Friday gas station outages in Washington, D.C., climbed to 87%, from 79% the day before, tracking firm GasBuddy said.

“Most of these states/areas with outages have continued to see panicked buying, which is likely a contributing factor to the slow-ish recovery thus far,” said GasBuddy’s Patrick De Haan. “It will take a few weeks.”

Colonial Pipeline announced late Thursday it had restarted its entire pipeline system linking refineries on the Gulf Coast to markets along the eastern seaboard.

President Joe Biden also reassured U.S. motorists that fuel supplies should start returning to normal by this weekend.

Some states experienced modest improvements in gas outages but still saw a high amount. About 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages.

The hacking group believed to be responsible for the attack, DarkSide, said it had hacked four other companies including a Toshiba subsidiary in Germany.

Colonial Pipeline, which is owned by pension funds, private equity and energy firms, has not determined how the initial breach occurred, a spokeswoman said on Thursday. The company has focused on cleaning its networks, restoring data and reopening the pipeline.

Colonial has not disclosed how much money the hackers were seeking or whether it paid. However, Bloomberg News reported that it paid nearly $5 million to hackers.

To stem fuel shortages, four states and federal regulators relaxed fuel driver restrictions to speed deliveries of fresh supplies. Washington also issued a waiver to U.S. refiner Valero Energy Corp allowing it to transport gasoline and diesel from the U.S. Gulf Coast to East Coast ports on foreign-flagged vessels. The U.S. normally limits deliveries between domestic ports to U.S.-built and crewed vessels.

Gulf Coast refiners that send their fuel to market through the Colonial Pipeline have had to cut production because they have not been able to move their gasoline, diesel and jet fuel through the pipeline. A smaller, alternative pipeline filled to capacity quickly after Colonial announced its network was shut last Friday.

(Reporting by Stephanie Kelly and Jessica Resnick-Ault in New York; additional reporting by Joseph Menn; Writing by Richard Valdmanis; Editing by Simon Webb and Steve Orlofsky)

Colonial Pipeline paid hackers nearly $5 million in ransom – Bloomberg News

(Reuters) - Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline network in the United States, Bloomberg News reported, citing two people familiar with the transaction.

The company paid the ransom in untraceable cryptocurrency within hours after the attack, according to the report.

Colonial Pipeline declined to comment.

Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics contend that paying ransom encourages attacks.

U.S. House of Representatives Speaker Nancy Pelosi said on Thursday ransom should not be paid by companies that are the victims of cyber attacks.

The hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.

After a six-day outage, the top U.S. fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production and had airlines reshuffling some refueling operations.

The FBI earlier this week accused a shadowy criminal gang called DarkSide of the ransomware attack. The group has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies.

A terse news release posted to DarkSide’s website did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society”.

The White House declined to weigh in on Monday whether companies that are hacked such as Colonial Pipeline should pay ransom to their attackers, but a national security official said it may offer some advice in the future.

(Reporting by Arathy S Nair in Bengaluru; Editing by Shounak Dasgupta)

Biden says East Coast fuel shortages to end in days as pipeline reopens

By Stephanie Kelly

(Reuters) - U.S. President Joe Biden on Thursday said that U.S. motorists can expect filling stations to begin returning to normal this weekend even as shortages gripped some areas amid the restart of the top U.S. fuel pipeline after it was shut by a ransomware attack.

The Colonial Pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, will take some time to fully recover and could still suffer “hiccups,” he said. Colonial began supplying some fuel to most regions along its 5,500 mile (8,850 km) route.

The pipeline resumed computer-controlled pumping late Wednesday after adding safety measures.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production, and spurred airlines to reshuffle refueling operations.

The pipeline’s restart should bring supplies to some hard-hit areas as soon as Thursday, said U.S. Energy Secretary Jennifer Granholm.

“Relief is coming,” added Jeanette McGee, a spokeswoman for motor travel group AAA.

Motorists’ tempers frayed as panic buying led stations to run out even where supplies were available. On Thursday about 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages, tracking firm GasBuddy said.

The average national gasoline price rose above $3.00 a gallon, the highest since October 2014, the American Automobile Association said, and prices in some areas jumped as much as 11 cents in a day.

Nicole Guy, 36, a leasing agent in Atlanta, was at her fourth gas station Thursday morning, trying to find gas. The station ran out of gas early Wednesday and the manager wasn’t sure when deliveries would resume.

Guy said she wished she had gone out the night before to refuel.

“My sister paid $3.50 at the pump last night for her car,” she said. “I thought if I went looking today I’d find a better deal. I never paid that much at the pump.”

Even as the pipeline resumes pumping, it will take time to replenish stocks. Gasoline inventories in the Northeast likely will fall to five-year lows this week, said Richard Joswick, an analyst with S&P Global Platts.

HACKERS RESURFACE

As FBI cyber sleuths dug into an attack that paralyzed a large part of the U.S. energy infrastructure, the group believed to be responsible said it was publishing data from breaches at three other companies, including an Illinois technology firm.

Biden on Thursday said officials do not believe the Russian government was involved in this attack.

“But we do have strong reason to believe that the criminals who did the attack are living in Russia,” he said. “That’s where it came from.”

U.S. House of Representatives Speaker Nancy Pelosi on Thursday urged companies that are victims of cyberattacks not to pay a ransom.

Colonial has not publicly said how much money the hackers were seeking or whether it paid the ransom. Colonial has a type of insurance that typically covers ransom payments, three people familiar with the matter told Reuters on Thursday.

To stem fuel shortages, four states and federal regulators relaxed fuel driver restrictions to speed deliveries of fresh supplies.

The U.S. also issued a waiver to an undisclosed shipper allowing it to transport gasoline and diesel from the U.S. Gulf Coast to East Coast ports on foreign-flagged vessels. The U.S. restricts deliveries between domestic ports to U.S.-built and crewed vessels.

Gulf Coast refiners that move fuel to market on the Colonial Pipeline had cut processing as an alternative pipeline filled to capacity last weekend. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant.

Royal Dutch Shell Plc on Thursday said it was seeking alternative supply points to tackle challenges from the incident.

Airlines were refueling planes at their destinations, instead of usual departure points. On Wednesday, Delta Air Lines Chief Executive Ed Bastian said more fuel would be available “hopefully by the end of the week and as long as those predictions come true, hopefully we’ll be OK.”

(Reporting by Stephanie Kelly in New York; additional reporting by Rich McKay in Atlanta; Editing by Steve Orlofsky)

U.S. senators ask IRS if hacking campaign compromised taxpayer data

By Susan Heavey

WASHINGTON (Reuters) – Two top U.S. Senators on Thursday said they were seeking answers on whether the recent hacking attack against the federal government compromised U.S. taxpayers’ data, which could make millions of Americans more vulnerable to identity theft and other crimes.

As officials continued to assess damage from the cyberattack, U.S. Senate Finance Committee Chairman Chuck Grassley and ranking Democrat Ron Wyden asked the Internal Revenue Service whether the tax agency was affected and, if so, what it was doing to mitigate the fallout and protect against further intrusions.

The sweeping campaign, done by hackers believed to be working for Russia, leveraged technology from SolarWinds Corp used by multiple U.S. government agencies and other businesses, Reuters has reported.

The U.S. government has not publicly identified who might be behind the massive intrusion, and several U.S. lawmakers on Thursday said it appeared that U.S. officials were still analyzing the impact of the attack.

“I think the government is still assessing how bad the damage is,” Senator Mark Warner, the ranking Democrat on the Senate intelligence panel, told MSNBC in an interview.

Grassley and Wyden, in their letter, sought an immediate briefing from IRS Commissioner Chuck Rettig on the impact to U.S. taxpayers, whose sensitive financial records are filed each year with the agency.

The IRS has used SolarWinds technology as recently as 2017, they said.

“Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” the senators wrote.

(Reporting by Susan Heavey; Editing by David Gregorio)