arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.

Biden and Putin to Meet in Mid-June, in a Summit Fraught With Tensions

President Biden and President Vladimir V. Putin of Russia have agreed to meet on June 16 in Geneva for a face-to-face encounter that comes at a time of fast-deteriorating relations over Ukraine, cyberattacks and a raft of new nuclear weapons Mr. Putin is deploying. The summit is the first in-person meeting between the two leaders since Mr. Biden became president.

The one-day meeting is expected to focus on ways to restore predictability and stability to a relationship that carries a risk of nuclear accident, miscalculation and escalation. Geneva was also the site of the 1985 summit between Mikhail Gorbachev, the Soviet leader, and Ronald Reagan that was focused on the nuclear arms race.

The meeting comes at the worst point in Russian-American relations since the fall of the Soviet Union about 30 years ago. To say that the two leaders have a tense relationship is an understatement: Mr. Biden called Mr. Putin a “killer” in a television interview in March, leading Mr. Putin to dryly return the accusation and wish the new president “good health.”

Russia, despite its aggressive language toward the West, has shown optimism about the talks. For Mr. Putin, a high-profile presidential summit can help deliver what he has long sought: respect for Russia on the world stage. And he is sure to repeat his message that the United States must respect Russian interests — especially inside Russia, where the Kremlin claims Washington is trying to undermine Mr. Putin’s rule, and in Eastern Europe.

new round of financial sanctions against the country.

That list includes the prosecution and jailing of Aleksei A. Navalny, the opposition leader Mr. Putin’s intelligence services tried to kill with a nerve agent. And Mr. Biden plans to spend considerable time on cybersecurity in hopes of limiting the rising tide of cyberattacks directed at the United States.

Such attacks have dogged Mr. Biden since December, with the disclosure of SolarWinds, a sophisticated hack into network management software used by most of the United States’ largest companies and by a range of government agencies and defense contractors.

Mr. Biden vowed a full investigation and a proportionate response, though it is unclear whether those moves — which his aides said would be “seen and unseen” — are sufficient to deter the low-cost attacks.

Two weeks ago, Mr. Biden said he would raise with Mr. Putin the more recent ransomware attack on Colonial Pipeline, which shut down nearly half of the supply of gasoline, diesel and jet fuel to the East Coast. That attack was the work of a criminal group, the Biden administration said, but Mr. Biden accused Russia of harboring the ransomware criminals.

The summit will come at the end of Mr. Biden’s first international trip as president, to Europe, where he will meet with the Group of 7 allies — a group the Russians had been part of for several years when integration with the West seemed possible — and NATO allies.

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”

Colonial Pipeline Hack Shows Risk to US Energy Independence

HOUSTON — When OPEC barred oil exports to the United States in 1973, creating long gasoline lines, President Richard Nixon pledged an effort that would combine the spirit of the Apollo program and the determination of the Manhattan Project.

“By the end of this decade, we will have developed the potential to meet our own energy needs without depending on any foreign energy sources,” he said in a televised address.

His timing was off — it took more than 40 years — but the country has come pretty close to energy independence in recent years thanks to a surge in domestic shale oil and natural gas production and the harnessing of solar and wind energy.

That independence, however, is fragile. Last week, cars lined up at gas stations across much of the Southeast after the Colonial Pipeline was paralyzed by a cyberattack by a criminal group seeking a ransom. The electric grid is also coming under greater stress because of climate change. In the last year, a heat wave in California and a deep freeze in Texas forced rolling blackouts as demand for power outstripped supply.

panic buying rarely seen in decades produced shortages, and prices at the pump rose as much as 20 cents a gallon for regular gasoline in some states in a few days, according to AAA.

Mr. Yergin said that drivers who lined up at pumps to fill gas cans and even plastic bags made the situation worse. The impulse to hoard harkened back to the oil shocks of the 1970s and appeared to touch a chord in the national psyche.

“People remembered gas lines even though they weren’t born yet,” Mr. Yergin said.

Colonial Pipeline, a private company, resumed full operations over the weekend, but it will take at least several more days before many gas stations are restocked.

Energy companies will come under greater pressure from governments and investors to bulk up their defenses against cyberattacks, but those and other vulnerabilities will not be easily overcome, especially after years of underinvestment.

Upgrading the energy system will not be easy. Dozens of competing companies that operate a vast web of oil and gas wells and pumping stations, transmission lines and power plants will need coaxing to make their operations more resilient to weather and criminal attacks. Considerable funding will have to come from business and government, as well as research to keep ahead of the cybercriminals. President Biden’s $2 trillion infrastructure plan devotes $100 billion to the transmission grid.

The quest for energy independence has never been a straight line, and there have been many unfortunate twists. Reliance on Middle East oil was a major consideration in military action and diplomatic strategy, including alliances with countries like Saudi Arabia with disturbing human rights records. A half-century ago, the country shifted from burning heating oil to relying more heavily on coal, which contributed to climate change.

But the search for energy independence also led to innovation. Fracking — the hydraulic fracturing of shale oil and natural gas deposits — not only slashed energy imports but also made the United States a major exporter. Suddenly oil and gas were not a national security vulnerability but a tool to further American interests.

nearly half of the transportation fuel needs of the region.

When hurricanes hit, and refineries on the Gulf shut down, gasoline and diesel prices tend to rise along the East Coast. Normally, that is not a huge problem because companies store lots of fuel close to where it is used and trucks and barges can usually make up the difference. This time, however, uncertainty about how long it would take to restore supplies made the Colonial Pipeline’s shutdown much more disruptive.

The ransomware attack was the work of DarkSide, an extortionist ring that has been responsible for scores of attacks on companies in several countries. But it is hardly the only group that infiltrates computer systems to extort money. Others go by names like REvil, Maze and LockBit.

“The technology moves so quickly, you solve one or two or twenty possible vulnerabilities in your computer systems and the hackers find a different way to get in,” said Drue Pearce, a former deputy administrator of the federal Pipeline Hazardous Materials Safety Administration.

The criminal groups represent a threat to industries beyond energy. But experts say energy is of particular concern because it is essential to a functioning economy. The peril is no less complex than reducing the United States’ reliance on foreign oil, said Bill Richardson, a former energy secretary.

“This is a new threat that we are not prepared for,” he said.

Colonial Pipeline Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.

It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.

Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the last week.

“We have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” the operator of the pipeline said on Twitter.

nearly $5 million in Bitcoin to recover its stolen data.

On Friday, DarkSide said it was shutting down because of unspecified “pressure” from the United States.

Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members.

In his remarks on Thursday, Mr. Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Mr. Biden’s proposals, accusing the president of wanting to raise taxes to pay for things that they do not consider infrastructure, like programs for home health aides. Mr. Biden has proposed to increase taxes on wealthy people and corporations to pay for his spending, but has said he is open to other ideas.

“I’m willing to negotiate, as I indicated yesterday to the House members and to the leadership,” Mr. Biden said. “But it’s clearer than ever that doing nothing is not an option.”

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents, to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies. Friday is traditionally the biggest day for gasoline sales.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline.

Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.

Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to people briefed on the transaction.

The payment came after cybercriminals last week held up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.

The shutdown of the company’s network, which includes 5,500 miles of pipeline that supplies nearly half the gas, diesel and jet fuel to the East Coast, triggered a cascading crisis that led to emergency meetings at the White House, a jump in gas prices, panic buying at the gas pumps, and forced some airlines to make fuel stops on long-haul flights.

The ransom payment was first reported by Bloomberg. A spokeswoman for Colonial declined to confirm or deny that the company had paid a ransom.

first reported that Colonial had shut down its pipeline partly because its billing systems were taken offline and it had no way to charge customers.

Many organizations across the United States, including police departments, have opted to pay their ransomware extortionists rather than suffer the loss of critical data or incur the costs of rebuilding computer systems from scratch.

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members and social media preservation requests.

“This is an indicator of why we should pay,” the cybercriminals, called Babuk, said in a post online. “The police also wanted to pay us, but the amount turned out to be too small. Look at this wall of shame,” they wrote, “you have every chance of not getting there. Just pay us!”

Julian E. Barnes contributed reporting.
