arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”


Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.


Biden and Putin to Meet in Mid-June, in a Summit Fraught With Tensions

President Biden and President Vladimir V. Putin of Russia have agreed to meet on June 16 in Geneva for a face-to-face encounter that comes at a time of fast-deteriorating relations over Ukraine, cyberattacks and a raft of new nuclear weapons Mr. Putin is deploying. The summit is the first in-person meeting between the two leaders since Mr. Biden became president.

The one-day meeting is expected to focus on ways to restore predictability and stability to a relationship that carries a risk of nuclear accident, miscalculation and escalation. Geneva was also the site of the 1985 summit between Mikhail Gorbachev, the Soviet leader, and Ronald Reagan that was focused on the nuclear arms race.

The meeting comes at the worst point in Russian-American relations since the fall of the Soviet Union about 30 years ago. To say that the two leaders have a tense relationship is an understatement: Mr. Biden called Mr. Putin a “killer” in a television interview in March, leading Mr. Putin to dryly return the accusation and wish the new president “good health.”

Russia, despite its aggressive language toward the West, has shown optimism about the talks. For Mr. Putin, a high-profile presidential summit can help deliver what he has long sought: respect for Russia on the world stage. And he is sure to repeat his message that the United States must respect Russian interests — especially inside Russia, where the Kremlin claims Washington is trying to undermine Mr. Putin’s rule, and in Eastern Europe.

new round of financial sanctions against the country.

That list includes the prosecution and jailing of Aleksei A. Navalny, the opposition leader Mr. Putin’s intelligence services tried to kill with a nerve agent. And Mr. Biden plans to spend considerable time on cybersecurity in hopes of limiting the rising tide of cyberattacks directed at the United States.

Such attacks have dogged Mr. Biden since December, with the disclosure of SolarWinds, a sophisticated hack into network management software used by most of the United States’ largest companies and by a range of government agencies and defense contractors.

Mr. Biden vowed a full investigation and a proportionate response, though it is unclear whether those moves — which his aides said would be “seen and unseen” — are sufficient to deter the low-cost attacks.

Two weeks ago, Mr. Biden said he would raise with Mr. Putin the more recent ransomware attack on Colonial Pipeline, which shut down nearly half of the supply of gasoline, diesel and jet fuel to the East Coast. That attack was the work of a criminal group, the Biden administration said, but Mr. Biden accused Russia of harboring the ransomware criminals.

The summit will come at the end of Mr. Biden’s first international trip as president, to Europe, where he will meet with the Group of 7 allies — a group the Russians had been part of for several years when integration with the West seemed possible — and NATO allies.


Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until a ransom is paid, the people behind the attack have been holding hostage the data of Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.
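The caveat in the paragraph above, a key handed over with no assurance that it works, is the point at which a responder tests on copies before trusting it. What follows is an added example and not code from the article or from the H.S.E.’s own response: it validates a candidate key against a small sample of locked files by decrypting copies into a scratch directory and grading each result against a known-good hash (from a backup catalogue) or, failing that, against the expected file-type header. The XOR keystream cipher, the file names, their contents, the key and the hashes are all constructed for the demonstration and stand in for whatever the real ransomware used.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Magic bytes for a few common document types. A decrypted file whose header
# matches one of these is at least plausibly intact; it is the weak check,
# used only when no known-good hash exists for that file.
MAGIC = (b"%PDF-", b"\x89PNG\r\n\x1a\n", b"PK\x03\x04")

# Constructed stand-in for the key the extortionists hold (assumption).
REAL_KEY = b"constructed-attacker-key"


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || counter) blocks. Not a real
    cipher; it only needs to behave like one for the validation logic."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_samples(scratch: Path) -> tuple[list[Path], dict[str, str]]:
    """Write constructed locked files and the SHA-256 of each original.
    The hashes play the role of a backup catalogue; scan.png deliberately
    has none, to exercise the header-only fallback."""
    originals = {
        "report.pdf": b"%PDF-1.4\n% constructed sample document\n",
        "scan.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "notes.docx": b"PK\x03\x04" + b"constructed zip payload",
    }
    paths, ref_hashes = [], {}
    for name, content in originals.items():
        locked = scratch / (name + ".locked")
        locked.write_bytes(xor_crypt(REAL_KEY, content))
        paths.append(locked)
        if name != "scan.png":
            ref_hashes[locked.name] = hashlib.sha256(content).hexdigest()
    return paths, ref_hashes


def validate_decryptor(candidate_key: bytes, locked: list[Path],
                       ref_hashes: dict[str, str]) -> dict[str, str]:
    """Decrypt copies of the sample into a throwaway directory and grade each
    file. The locked originals are never modified, so a bad key costs nothing."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for enc in locked:
            plain = xor_crypt(candidate_key, enc.read_bytes())
            (Path(tmp) / enc.name[: -len(".locked")]).write_bytes(plain)
            if enc.name in ref_hashes:
                ok = hashlib.sha256(plain).hexdigest() == ref_hashes[enc.name]
                verdicts[enc.name] = "hash-match" if ok else "hash-mismatch"
            elif plain.startswith(MAGIC):
                verdicts[enc.name] = "plausible-header"
            else:
                verdicts[enc.name] = "garbage"
    return verdicts


def safe_to_roll_out(verdicts: dict[str, str]) -> bool:
    """Proceed only when every sampled file verified or is at least plausible.
    A single failure means stop and re-examine the key, not average it away."""
    return bool(verdicts) and all(
        v in ("hash-match", "plausible-header") for v in verdicts.values()
    )


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Run the check once with the real key and once with a wrong one."""
    with tempfile.TemporaryDirectory() as tmp:
        paths, ref = build_samples(Path(tmp))
        good = validate_decryptor(REAL_KEY, paths, ref)
        bad = validate_decryptor(b"wrong-key", paths, ref)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("real key  :", good, "->", safe_to_roll_out(good))
    print("wrong key :", bad, "->", safe_to_roll_out(bad))
```

The hash comparison is the strong check and should cover as many sampled files as backups allow; the magic-byte test only rules out obvious garbage and will pass a file whose body is corrupted after the header. Running the sample on copies also preserves the locked originals in case the decryptor is faulty and a corrected one arrives later.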

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”


Colonial Pipeline Hack Shows Risk to US Energy Independence

HOUSTON — When OPEC barred oil exports to the United States in 1973, creating long gasoline lines, President Richard Nixon pledged an effort that would combine the spirit of the Apollo program and the determination of the Manhattan Project.

“By the end of this decade, we will have developed the potential to meet our own energy needs without depending on any foreign energy sources,” he said in a televised address.

His timing was off — it took more than 40 years — but the country has come pretty close to energy independence in recent years thanks to a surge in domestic shale oil and natural gas production and the harnessing of solar and wind energy.

That independence, however, is fragile. Last week, cars lined up at gas stations across much of the Southeast after the Colonial Pipeline was paralyzed by a cyberattack by a criminal group seeking a ransom. The electric grid is also coming under greater stress because of climate change. In the last year, a heat wave in California and a deep freeze in Texas forced rolling blackouts as demand for power outstripped supply.

panic buying rarely seen in decades produced shortages, and prices at the pump rose as much as 20 cents a gallon for regular gasoline in some states in a few days, according to AAA.

Mr. Yergin said that drivers who lined up at pumps to fill gas cans and even plastic bags made the situation worse. The impulse to hoard harkened back to the oil shocks of the 1970s and appeared to touch a chord in the national psyche.

“People remembered gas lines even though they weren’t born yet,” Mr. Yergin said.

Colonial Pipeline, a private company, resumed full operations over the weekend, but it will take at least several more days before many gas stations are restocked.

Energy companies will come under greater pressure from governments and investors to bulk up their defenses against cyberattacks, but those and other vulnerabilities will not be easily overcome, especially after years of underinvestment.

Upgrading the energy system will not be easy. Dozens of competing companies that operate a vast web of oil and gas wells and pumping stations, transmission lines and power plants will need coaxing to make their operations more resilient to weather and criminal attacks. Considerable funding will have to come from business and government, as well as research to keep ahead of the cybercriminals. President Biden’s $2 trillion infrastructure plan devotes $100 billion to the transmission grid.

The quest for energy independence has never been a straight line, and there have been many unfortunate twists. Reliance on Middle East oil was a major consideration in military action and diplomatic strategy, including alliances with countries like Saudi Arabia with disturbing human rights records. A half-century ago, the country shifted from burning heating oil to relying more heavily on coal, which contributed to climate change.

But the search for energy independence also led to innovation. Fracking — the hydraulic fracturing of shale oil and natural gas deposits — not only slashed energy imports but also made the United States a major exporter. Suddenly oil and gas were not a national security vulnerability but a tool to further American interests.

nearly half of the transportation fuel needs of the region.

When hurricanes hit, and refineries on the Gulf shut down, gasoline and diesel prices tend to rise along the East Coast. Normally, that is not a huge problem because companies store lots of fuel close to where it is used and trucks and barges can usually make up the difference. This time, however, uncertainty about how long it would take to restore supplies made the Colonial Pipeline’s shutdown much more disruptive.

The ransomware attack was the work of DarkSide, an extortionist ring that has been responsible for scores of attacks on companies in several countries. But it is hardly the only group that infiltrates computer systems to extort money. Others go by names like REvil, Maze and LockBit.

“The technology moves so quickly, you solve one or two or twenty possible vulnerabilities in your computer systems and the hackers find a different way to get in,” said Drue Pearce, a former deputy administrator of the federal Pipeline Hazardous Materials Safety Administration.

The criminal groups represent a threat to industries beyond energy. But experts say energy is of particular concern because it is essential to a functioning economy. The peril is no less complex than reducing the United States’ reliance on foreign oil, said Bill Richardson, a former energy secretary.

“This is a new threat that we are not prepared for,” he said.


Colonial Pipeline Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.

It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.

Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the last week.

“We have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” the operator of the pipeline said on Twitter.

nearly $5 million in Bitcoin to recover its stolen data.

On Friday, DarkSide said it was shutting down because of unspecified “pressure” from the United States.


Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members.

In his remarks on Thursday, Mr. Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Mr. Biden’s proposals, accusing the president of wanting to raise taxes to pay for things that they do not consider infrastructure, like programs for home health aides. Mr. Biden has proposed to increase taxes on wealthy people and corporations to pay for his spending, but has said he is open to other ideas.

“I’m willing to negotiate, as I indicated yesterday to the House members and to the leadership,” Mr. Biden said. “But it’s clearer than ever that doing nothing is not an option.”

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents, to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies. Friday is traditionally the biggest day for gasoline sales.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline.


Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.

Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to people briefed on the transaction.

The payment came after cybercriminals last week held up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.

The shutdown of the company’s network, which includes 5,500 miles of pipeline that supplies nearly half the gas, diesel and jet fuel to the East Coast, triggered a cascading crisis that led to emergency meetings at the White House, a jump in gas prices, panic buying at the gas pumps, and forced some airlines to make fuel stops on long-haul flights.

The ransom payment was first reported by Bloomberg. A spokeswoman for Colonial declined to confirm or deny that the company had paid a ransom.

first reported that Colonial had shut down its pipeline partly because its billing systems were taken offline and it had no way to charge customers.

Many organizations across the United States, including police departments, have opted to pay their ransomware extortionists rather than suffer the loss of critical data or incur the costs of rebuilding computer systems from scratch.

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members and social media preservation requests.

“This is an indicator of why we should pay,” the cybercriminals, called Babuk, said in a post online. “The police also wanted to pay us, but the amount turned out to be too small. Look at this wall of shame,” they wrote, “you have every chance of not getting there. Just pay us!”

Julian E. Barnes contributed reporting.


Colonial Pipeline: A Vital Artery for Fuel

HOUSTON — The operator of a vital fuel pipeline stretching from Texas to New Jersey, shut down for days after a ransomware attack, said Monday that it hoped to restore most operations by the end of the week.

Federal investigators said the attackers aimed at poorly protected corporate data rather than directly taking control of the pipeline, which carries nearly one-half of the motor and aviation fuels consumed in the Northeast and much of the South.

The operator, Colonial Pipeline, stopped shipments apparently as a precaution to prevent the hackers from doing anything further, like turning off or damaging the system itself in the event they had stolen highly sensitive information from corporate computers.

Colonial said it was reviving service of segments of the pipeline “in a stepwise fashion” in consultation with the Energy Department. It said the goal of its plan was “substantially restoring operational service by the end of the week.” The company cautioned, however, that “this situation remains fluid and continues to evolve.”

Federal Bureau of Investigation said was carried out by an organized crime group called DarkSide, has highlighted the vulnerability of the American energy system.

Part of that vulnerability reflects Texas’ increased role in meeting domestic demand for oil and gas over the last decade and a half, leading the Northeast to rely on an aging pipeline system to bring in fuel rather than refining imported fuel locally.

Since the pipeline shutdown, there have been no long lines at gasoline stations, and because many traders expected the interruption to be brief, the market reaction was muted. Nationwide, the price of regular gasoline climbed by only half a cent to $2.97 on Monday from Sunday, even though the company could not set a timetable for restarting the pipeline. New York State prices remained stable at $3 a gallon, according to the AAA motor club.

“Potentially it will be inconvenient,” said Ed Hirs, an energy economist at the University of Houston. “But it’s not a big deal because there is storage in the Northeast and all the big oil and gas companies can redirect seaborne cargoes of refined product when it is required.”

The Colonial Pipeline is based in Alpharetta, Ga., and is one of the largest in the United States. It can carry roughly three million barrels of fuel a day over 5,500 miles from Houston to New York. It serves most of the Southern states, and branches from the Atlantic Coast to Tennessee.

Some of the biggest oil companies, including Phillips Petroleum, Sinclair Pipeline and Continental Oil, joined to begin construction of the pipeline in 1961. It was a time of rapid growth in highway driving and long-distance air travel. Today Colonial Pipeline, which is private, is owned by Royal Dutch Shell, Koch Industries and several foreign and domestic investment firms.

It is particularly vital to the functioning of many Eastern U.S. airports, which typically hold inventories sufficient for only three to five days of operations.

There are many reasons, including regulatory restrictions on pipeline construction that go back nearly a century. There are also restrictions on the use of foreign vessels to move products between American ports, as well as on road transport of fuels.

But the main reason comes closer to home. Over the last two decades, at least six refineries have gone out of business in New Jersey, Pennsylvania and Virginia, reducing the amount of the crude oil processed into fuels in the region by more than half, from 1,549,000 to 715,000 barrels weekly.

“Those refineries just couldn’t make money,” said Tom Kloza, global head of energy analysis at Oil Price Information Service.

The reason for their decline is the “energy independence” that has been a White House goal since the Nixon administration. As shale exploration and production boomed beginning around 2005, refineries on the Gulf Coast had easy access to natural gas and oil produced in Texas.

That gave them an enormous competitive advantage over the East Coast refineries, which had to import crude from overseas or bring it in by rail from North Dakota once the shale boom there took off. As the local refineries shut their doors, the Colonial Pipeline became increasingly important as a conduit from Texas and Louisiana refineries.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast closed refineries, the Midwest has opened a few new plants and expanded others to process Canadian oil, much from the Alberta oil sands, over the last 20 years. California and the Pacific Northwest have sufficient refineries to process crude produced in California and Alaska, as well as South America.

Not very. The Northeast supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the East Coast was able to manage. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada and South America, although trans-Atlantic cargo can take as much as two weeks to arrive.

When Hurricane Harvey hit Texas in 2017, damaging refineries, Colonial Pipeline shipments to the Northeast were suspended for nearly two weeks. Gasoline prices at New York Harbor quickly climbed more than 25 percent, and the added costs were passed on to motorists. Prices took over a month to return to previous levels.

The hacking of a major pipeline, while not a major problem for motorists, is a sign of the times. Criminal groups and even nations can threaten power lines, personal information and even banks.

The group responsible for the pipeline attack, DarkSide, typically locks up its victims’ data using encryption, and threatens to release the data unless a ransom is paid. Colonial Pipeline has not said whether it has paid or intends to pay a ransom.

“The unfortunate truth is that infrastructure today is so vulnerable that just about anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a British security software and hardware company. “Infrastructure is an easy — and lucrative — target for attackers.”
