According to intelligence officials, all signs indicate that it was merely an act of extortion by the group, which first began deploying such ransomware in August last year and is believed to operate from Eastern Europe, possibly Russia. Even the group's own statement on Monday suggested that it had only intended to extort money from the company and was surprised that the main gasoline and jet fuel supplies for the East Coast were cut off.
The attack exposed the remarkable vulnerability of a major energy channel in the US as hackers become bolder in taking over critical infrastructure such as power grids, pipelines, hospitals and water treatment plants. The Atlanta and New Orleans city governments and, in recent weeks, the Washington, DC Police Department, have also been hit.
The explosion in ransomware cases has been fueled by the rise of cyber insurance, which has made many companies and governments ripe targets for criminal gangs who believe their victims will pay up, and by cryptocurrencies, which make extortion payments difficult to trace.
In this case, the ransomware did not target the pipeline's control systems but rather the company's back-office operations, according to federal officials and private investigators. However, fear of greater damage forced the company to shut down the system. That shutdown exposed the huge security gaps in the patchwork network that keeps gas stations, truck stops, and airports running.
A preliminary investigation found poor security practices at Colonial Pipeline, according to federal and private officials familiar with the investigation. Those mistakes most likely made it fairly easy to break into and lock up the company's systems.