“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.


Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”


DarkSide, Blamed for Colonial Pipeline Attack, Says It Is Shutting Down

Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.

The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)

“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”

Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.

“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”

Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.

“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”

Julian Barnes contributed reporting.


Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members.

In his remarks on Thursday, Mr. Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Mr. Biden’s proposals, accusing the president of wanting to raise taxes to pay for things that they do not consider infrastructure, like programs for home health aides. Mr. Biden has proposed to increase taxes on wealthy people and corporations to pay for his spending, but has said he is open to other ideas.

“I’m willing to negotiate, as I indicated yesterday to the House members and to the leadership,” Mr. Biden said. “But it’s clearer than ever that doing nothing is not an option.”

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents, to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies. Friday is traditionally the biggest day for gasoline sales.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline.


Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.

Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to people briefed on the transaction.

The payment came after cybercriminals last week held up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.

The shutdown of the company’s network, which includes 5,500 miles of pipeline that supplies nearly half the gas, diesel and jet fuel to the East Coast, triggered a cascading crisis that led to emergency meetings at the White House, a jump in gas prices, panic buying at the gas pumps, and forced some airlines to make fuel stops on long-haul flights.

The ransom payment was first reported by Bloomberg. A spokeswoman for Colonial declined to confirm or deny that the company had paid a ransom.

first reported that Colonial had shut down its pipeline partly because its billing systems were taken offline and it had no way to charge customers.

Many organizations across the United States, including police departments, have opted to pay their ransomware extortionists rather than suffer the loss of critical data or incur the costs of rebuilding computer systems from scratch.

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members and social media preservation requests.

“This is an indicator of why we should pay,” the cybercriminals, called Babuk, said in a post online. “The police also wanted to pay us, but the amount turned out to be too small. Look at this wall of shame,” they wrote, “you have every chance of not getting there. Just pay us!”

Julian E. Barnes contributed reporting.


Colonial Pipeline reports ‘substantial progress’ in restoring the flow of fuel.

Gasoline prices continued to rise across the Southeast on Thursday, but at a slower pace generally than in recent days, as the operator of Colonial Pipeline said it had made “substantial progress” in resuming the delivery of fuel along the East Coast.

“Product delivery has commenced to all markets we serve,” the pipeline’s operator said Thursday afternoon. “It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions.”

The pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, was shut down because of a ransomware cyberattack on Friday. Operations have gathered momentum since the pipeline partially restarted late Wednesday.

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning, because it takes time for fuel to pass through the pipeline.

President Biden, speaking on national television, urged motorists not to panic.

“They should be reaching full operational capacity as we speak, as I speak to you right now,” Mr. Biden said at the White House. “That is good news. But we want to be clear, we will not feel the effects at the pump immediately. This is not like flicking on a light switch.”

An internal assessment by the Departments of Energy and Homeland Security noted that the fuel “travels through the pipeline at 5 miles per hour” and would take “approximately two weeks to travel from the Gulf Coast to New York.” Supplemental supplies transported in tanker trucks and tanker vessels connecting the Gulf and Atlantic coasts also can take up to a week or more.

The Biden administration has temporarily eased the Jones Act, which prohibits foreign vessels from delivering goods from one domestic port to another. The administration said Thursday that a waiver had been granted to one company and that it would consider other waiver requests.

“This waiver will enable the transport of additional gas and jet fuel to ease supply constraints,” Jen Psaki, the White House press secretary, said in a statement. The Jones Act, which is over a century old and is designed to protect American shipping, is usually waived to compensate for supply interruptions during hurricanes.

Panic buying contributed to the fuel shortages. At some stations, people were filling up gasoline cans, forcing others to wait longer and causing shouting matches.

Friday is traditionally the biggest day for gasoline sales. But energy analysts were optimistic that the crisis would soon pass.

“The restart of the pipeline is very positive news for motorists,” said Jeanette McGee, the director for external communications for AAA. “While impact won’t be seen immediately and motorists in affected areas can expect to see a few more days of limited fuel supply, relief is coming.”

She said station pumps will be full in “several days,” ahead of the Memorial Day weekend, a heavy driving time.

The Federal Bureau of Investigation has identified an organized crime group called DarkSide as the attacker. The group is believed to operate from Eastern Europe, possibly Russia. While the attack was not on the pipeline itself, Colonial shut down both its information systems and the pipeline until it was sure it could safely manage the flow of fuel.

David E. Sanger and Michael D. Shear contributed reporting.


Colonial Pipeline: A Vital Artery for Fuel

HOUSTON — The operator of a vital fuel pipeline stretching from Texas to New Jersey, shut down for days after a ransomware attack, said Monday that it hoped to restore most operations by the end of the week.

Federal investigators said the attackers aimed at poorly protected corporate data rather than directly taking control of the pipeline, which carries nearly one-half of the motor and aviation fuels consumed in the Northeast and much of the South.

The operator, Colonial Pipeline, stopped shipments apparently as a precaution to prevent the hackers from doing anything further, like turning off or damaging the system itself in the event they had stolen highly sensitive information from corporate computers.

Colonial said it was reviving service of segments of the pipeline “in a stepwise fashion” in consultation with the Energy Department. It said the goal of its plan was “substantially restoring operational service by the end of the week.” The company cautioned, however, that “this situation remains fluid and continues to evolve.”

Federal Bureau of Investigation said was carried out by an organized crime group called DarkSide, has highlighted the vulnerability of the American energy system.

Part of that vulnerability reflects Texas’ increased role in meeting domestic demand for oil and gas over the last decade and a half, leading the Northeast to rely on an aging pipeline system to bring in fuel rather than refining imported fuel locally.

Since the pipeline shutdown, there have been no long lines at gasoline stations, and because many traders expected the interruption to be brief, the market reaction was muted. Nationwide, the price of regular gasoline climbed by only half a cent to $2.97 on Monday from Sunday, even though the company could not set a timetable for restarting the pipeline. New York State prices remained stable at $3 a gallon, according to the AAA motor club.

“Potentially it will be inconvenient,” said Ed Hirs, an energy economist at the University of Houston. “But it’s not a big deal because there is storage in the Northeast and all the big oil and gas companies can redirect seaborne cargoes of refined product when it is required.”

The Colonial Pipeline is based in Alpharetta, Ga., and is one of the largest in the United States. It can carry roughly three million gallons of fuel a day over 5,500 miles from Houston to New York. It serves most of the Southern states, and branches from the Atlantic Coast to Tennessee.

Some of the biggest oil companies, including Phillips Petroleum, Sinclair Pipeline and Continental Oil, joined to begin construction of the pipeline in 1961. It was a time of rapid growth in highway driving and long-distance air travel. Today Colonial Pipeline, which is private, is owned by Royal Dutch Shell, Koch Industries and several foreign and domestic investment firms.

It is particularly vital to the functioning of many Eastern U.S. airports, which typically hold inventories sufficient for only three to five days of operations.

There are many reasons, including regulatory restrictions on pipeline construction that go back nearly a century. There are also restrictions on the use of foreign vessels to move products between American ports, as well as on road transport of fuels.

But the main reason comes closer to home. Over the last two decades, at least six refineries have gone out of business in New Jersey, Pennsylvania and Virginia, reducing the amount of the crude oil processed into fuels in the region by more than half, from 1,549,000 to 715,000 barrels weekly.

“Those refineries just couldn’t make money,” said Tom Kloza, global head of energy analysis at Oil Price Information Service.

The reason for their decline is the “energy independence” that has been a White House goal since the Nixon administration. As shale exploration and production boomed beginning around 2005, refineries on the Gulf Coast had easy access to natural gas and oil produced in Texas.

That gave them an enormous competitive advantage over the East Coast refineries that imported oil from the Northeast or by rail from North Dakota once the shale boom there took off. As the local refineries shut their doors, the Colonial Pipeline became increasingly important as a conduit from Texas and Louisiana refineries.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast closed refineries, the Midwest has opened a few new plants and expanded others to process Canadian oil, much from the Alberta oil sands, over the last 20 years. California and the Pacific Northwest have sufficient refineries to process crude produced in California and Alaska, as well as South America.

Not very. The Northeast supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the East Coast was able to manage. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada and South America, although trans-Atlantic cargo can take as much as two weeks to arrive.

When Hurricane Harvey hit Texas in 2017, damaging refineries, Colonial Pipeline shipments to the Northeast were suspended for nearly two weeks. Gasoline prices at New York Harbor quickly climbed more than 25 percent, and the added costs were passed on to motorists. Prices took over a month to return to previous levels.

The hacking of a major pipeline, while not a major problem for motorists, is a sign of the times. Criminal groups and even nations can threaten power lines, personal information and even banks.

The group responsible for the pipeline attack, DarkSide, typically locks up its victims’ data using encryption, and threatens to release the data unless a ransom is paid. Colonial Pipeline has not said whether it has paid or intends to pay a ransom.

“The unfortunate truth is that infrastructure today is so vulnerable that just about anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a British security software and hardware company. “Infrastructure is an easy — and lucrative — target for attackers.”


When the Mafia Serves Coffee in the Courthouse

It was actually an episode involving Mr. Pennacchio that helped set off the inquiry.

Mr. Pennacchio and a partner had competed for the same courthouse cafe contract, filing an appeal after they lost. He then received, in a corridor of the courthouse, a warning from a clan member to back off, according to court documents.

Investigators who followed up began to suspect that the new bar ownership was a front. The police installed bugs and cameras in the cafe and started wiretapping suspects, getting a clearer picture of the family’s activities. Among other things, they said, the clan controlled a gaming cafe and was behind a jewelry store theft in the city.

Prosecutors said that they let the mobsters think they were outsmarting the authorities.

“If a criminal from another group goes there and sees they are managing the courthouse cafe,” Mr. Curcio said, “they must think, ‘Man these guys are smart.’”

He said that “criminal prestige” was probably the main reason that the family had sought control of the cafe.

Basilio Pitasi, a lawyer for Saverio Riviezzi, who the prosecutors claim is the clan’s boss, said that the family was not a Mafia organization. He added that Mr. Riviezzi had already been cleared of such allegations in the past.

Mr. Pitasi said that the so-called Riviezzi clan — which authorities say ran the cafe — did not control any territory or operate “diffused intimidation,” two elements that he said were fundamental to defining a mafia organization.

Rev. Marcello Cozzi, president of a think tank, the Center for Studies and Research on the South, said that the Mafia families in Basilicata, including the Riviezzis, are “young compared to other Mafias in Italy that go back over 150 years.”
