Thursday, May 13, 2021

Hackers with a Heart?

As most folks know by now (especially if you live on the east coast), a RansomWare attack on the Colonial Pipeline Company last week has wreaked havoc on the east coast and their oil supply.

It seems that hackers made an effort to perform a type of attack that is becoming more and more common. The criminals break into a system and encrypt the victim's data, but before doing so the crooks steal private data from the victim. After the data is stolen, the attackers then apply the RansomWare encryption program.

At that point the victim's system is encrypted and locked up.  Now, in order to increase pressure on the victim, the attackers not only have the victim's system locked, they then threaten to release confidential data they have stolen.  Of course, if the victim pays the ransom, supposedly they will get the password to decrypt their data *and* those trustworthy crooks won't do anything with the data they've stolen.

That's the normal modus operandi for the new RansomWare gangs, but the Colonial Pipeline hack comes with a twist. It seems that the company was forced to shut down a huge pipeline that runs from Texas to the East Coast, and that pipeline delivers 45% of the gasoline needed to run the eastern seaboard of the United States.

Because of the tremendous impact this hack had, more than a couple of federal agencies got involved. That would include the FBI and the NSA as well as CISA. Those are some pretty big names... and those are just the ones we know about. I'd be willing to bet there were others that operate deep undercover that were brought in as well.

What I find interesting about this is that suddenly over the weekend, the criminal gang responsible for the hack, a gang calling itself DarkSide, posted on their website that their "goal is to make money" and that the gang has no interest in "creating problems for society".

They went so far as to say:

> We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment [sic] and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

That makes me think they may have inadvertently stirred up a bit more than they counted on. I'm betting they didn't have any idea how much dependence there is on that pipeline. Will they do something like this in the future? My thoughts are "no". I don't think anyone, even hackers, wants to make a bunch of three-letter agencies mad. However, that's just another thing that puts smaller healthcare practices at greater risk. Tinkering with a company that supplies a huge amount of energy to a geographic location is not a great idea, but doing the same to a smaller, less vital target looks a lot better. One more reason to keep your security tight.

