Gas stations from Florida to Atlanta and Virginia are closing their pumps due to a fuel shortage brought on by the Colonial Pipeline hack, and a state of emergency has been declared by the governor of North Carolina.

The 5,500 mile pipeline was shut down on Friday evening by the company when the ransomware attack was launched. Service was gradually being restored on Monday.

At least 12 other companies were also affected by the ransomware attack, Bloomberg reported. 

The pipeline supplies 45 per cent of all the East Coast’s fuel needs, including Atlanta airport – the world’s busiest, by passenger traffic. The pipeline serves 90 U.S. military installations and 26 oil refineries.

On Monday evening motorists were beginning to report shortages at gas stations.

A spokesman for Race Trac, which operates gas stations in the Atlanta area, confirmed the shortage to WSBTV-2.

At least two gas stations in Tallahassee, Florida, were completely out of stock, Bloomberg reported. 

Patrick de Haan, an energy expert who runs the monitoring site Gas Buddy Tracker, said his sources showed five per cent of stations in Virginia running empty.

‘Conserve, conserve, conserve,’ he tweeted. 

AAA predicts that gasoline prices in the Georgia region could rise three to seven cents per gallon this week, and said that there also could be ‘limited fuel availability’ in places.

Gas stations in Atlanta were suffering from shortages on Monday as a result of the hack

On Monday evening, the Gas Buddy tracking site was showing several gas stations empty

Motorists had been told to expect a price surge at the pump as shortages begin to bite

The attack on Colonial Pipeline took place Friday and affected some information technology systems. Operations remained shut down until Monday, when some service resumed

‘This shutdown will have implications on both gasoline supply and price, but the impact will vary regionally,’ said Montrae Waiters, spokeswoman for AAA-The Auto Club Group. 

‘Areas including Mississippi, Tennessee and the East Coast from Georgia into Delaware are most likely to experience limited fuel availability and prices increases as early as this week.’

Roy Cooper, the governor of North Carolina, said the emergency declaration would help people prepare for possible shortages. 

‘Today’s emergency declaration will help North Carolina prepare for any potential motor vehicle fuel supply interruptions across the state and ensure motorists are able to have access to fuel,’ he said. 

On Twitter, motorists in Atlanta were reporting having to go to three different gas stations to fill up.

‘Gas stations around Atlanta are running out of gas and the ones that have it are hiking up the prices,’ said one man.

Another said: ‘Y’all better go and fill up on gas Atlanta. I finally got gas after trying at 3 gas stations.’

A third man said: ‘I went to three gas stations and they were out of gas.

‘Hope to make it to one with gas before my car stop.’  

The Colonial Pipeline runs from Texas to New Jersey and carries 100 million gallons of fuel daily

What is DarkSide? 

DarkSide is a group of hackers which first emerged in August 2020, with a press release declaring their formation.

Since then, they have become known for their professional operations and large ransoms. 

The group has a phone number and even a help desk to facilitate negotiations with victims. 

Believed to be based in Russia, they have targeted Enterprise rental cars, Canadian real estate firm Brookfield Residential, and an Office Depot subsidiary.

They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can afford to pay large ransoms. 

‘Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,’ the press release reads. 

They avoid targets in former Soviet states. 

In North Carolina, a reporter with WLOS spoke to a cashier at a gas station in Robbinsville, whose pumps were dry. 

‘Clerk said manager told her it could be five days before they have gas again. 

‘Says phone has been ringing off the hook of people calling around to find gas,’ tweeted the reporter.

The pipeline, the largest in the United States, is responsible for transporting more than 100 million gallons of fuel – 2.5 million barrels – daily through pipelines laid out between Texas and New Jersey.

The hack is thought to have been carried out by DarkSide, a Russian-based hacking group.

On Monday the group posted an apology on the dark web, Vice reported, and said they did not want ‘social consequences’, nor did they seek political influence.

‘We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,’ they wrote. 

‘Our goal is to make money and not creating problems for society. 

‘From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.’ 

 

Russian hackers DarkSide claim their ‘goal is to make money not problems’ with the attack on Colonial Pipeline – despite rocketing gas prices nearing $3 per gallon 

The Russian criminal gang known as DarkSide, which is behind the attack that shut down Colonial Pipeline, has claimed its only goal is to ‘make money’ and not cause chaos – as experts warn gas prices could surge past $3 a gallon if America’s largest fuel pipeline remains down.

The FBI confirmed on Monday that DarkSide, the Russian hacking outfit made up of ransomware veterans, was responsible for the attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast’s fuel supply.

DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, said in a statement posted on the dark web on Monday that their only goal was to ‘make money’ and not create problems for society. 

‘We are apolitical, we do not participate in geopolitics,’ the statement read. ‘Our goal is to make money and not creating problems for society.’

‘From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.’

Despite saying they want to avoid chaos, experts have warned that the shutdown of Colonial last Friday could cause extraordinary disruption and result in a spike in gas prices the longer the pipeline remains down.  

Colonial has said it is aiming to restore its services by the end of the week after being forced to shut down all its pipeline operations on Friday to contain the ransomware cyberattack threat.    

The American Automobile Association said on Monday that gas prices were already starting to spike in the wake of the attack: The national gas price average has jumped six cents to $2.96. 

The AAA warns it is only expected to surge further as a result of the Colonial shutdown. An increase of three more cents would make the national average the most expensive since November 2014.

The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry

The cyberattack carried out by Russian ransomware hackers that shut down Colonial Pipeline, America's largest fuel pipeline, has left the operator and the US government scrambling to restart the network to avoid fuel shortages and price hikes

In other related news from today: 

  • Colonial has not yet said whether it has already paid or is negotiating a ransom with the DarkSide hackers
  • The FBI has been tracking the group since at least October and is investigating whether they have ties to the Russian government
  • Cyber experts have warned the attack has the potential to become a ‘real-world catastrophe’ the longer it stretches out 
  • The fuel pipeline operator says it has restarted some smaller lines between fuel terminals and customer delivery points but its main lines remained shut
  • Colonial is aiming to restore its services by the end of the week 

‘This shutdown will have implications on both gasoline supply and prices, but the impact will vary regionally. Areas including Mississippi, Tennessee and the east coast from Georgia into Delaware are most likely to experience limited fuel availability and price increases, as early as this week,’ an AAA spokesperson said. ‘These states may see prices increase three to seven cents this week.’ 

Colonial, which is based in Atlanta, Georgia, has not yet said whether it has already paid or is negotiating a ransom with the hackers. The White House declined to weigh in on Monday on whether companies that are hacked like Colonial should pay ransom to their attackers.   

The FBI has been tracking the group since at least October and is investigating whether they have ties to the Russian government.

DarkSide is believed to be based out of Russia and made up of veteran cybercriminals. In a statement (above) following the Colonial attack, the group denied being political and said their only goal was to 'make money'

The cyber gang, which was started eight months ago, is believed to be based out of Russia where they are given free rein to target Western countries. DarkSide has already boasted that it has been paid millions of dollars in ransom from 80 companies across the US and Europe.

President Biden said on Monday that US intelligence hasn’t found any ties between the attack and the Russian government but said there was evidence DarkSide was based in Russia.

‘They have some responsibility to deal with this,’ Biden said, adding that he would be meeting with President Putin soon.  

Cyber experts have warned the attack has the potential to become a ‘real-world catastrophe’ the longer it stretches out and say it should serve as a wake-up call to companies about the vulnerabilities they face. 

‘This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe,’ Andrew Rubin, CEO and co-founder of cybersecurity firm Illumio told NBC News.

‘It’s an absolute nightmare, and it’s a recurring nightmare. Organizations continue to rely and invest entirely on detection, as if they can stop all breaches from happening. But this approach misses attacks over and over again. Before the next inevitable breach, the president and Congress need to take action on our broken security model.’  

It is not yet clear how long the shutdown is expected to last.

Colonial has not provided a timeline for a full restart of the 5,500 mile system, which moves more than 2.5 million barrels per day of gasoline, diesel and jet fuel – supplying motorists and major airports.   

The fuel pipeline operator said on Sunday it had restarted some smaller lines between fuel terminals and customer delivery points but its main lines remained shut. 

‘We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,’ the company said.   

Experts are saying that gasoline prices are unlikely to be significantly affected and there will not be a lasting impact if the pipeline is back to normal within five days. If it lasts anywhere between six and 10 days, Wells Fargo analyst Roger Read warned gas prices will continue to spike along the East Coast and spot shortages will start in the Southeast. Any more than 10 days offline will result in ‘significant fuel shortages’ in the Southeast, according to Wells Fargo.

Experts are saying that gasoline prices are unlikely to be affected and there will not be a lasting impact if the pipeline is back to normal within five days. Any more than 10 days offline will result in 'significant fuel shortages' in the Southeast

Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday before demanding a ransom. Colonial, which is based in Georgia, has not yet said whether it has paid or is negotiating a ransom with the hackers

DarkSide: The Russian hacking outfit behind the Colonial Pipeline attack is given free rein by the Kremlin to target Western countries 

The cyberextortion attack that forced the shutdown of America’s largest fuel pipeline was carried out by a criminal gang known as DarkSide that is believed to be based out of Russia where they are given free rein to target Western countries.

DarkSide is made up of veteran cybercriminals but insists it is not political. Like many others, however, DarkSide seems to spare Russian, Kazakh and Ukrainian-speaking companies, which does suggest a link to Russia.

Ransomware rackets are now dominated by Russian-speaking cybercriminals who are shielded – and sometimes employed – by Russian intelligence agencies, according to US officials.

Cyber experts say Russia gives free rein to hackers who target the US and European countries.

DarkSide has already boasted that it has been paid millions of dollars in ransom from 80 companies across the US and Europe.

‘Whether they work for the state or not is increasingly irrelevant, given Russia’s obvious policy of harboring and tolerating cybercrime,’ Dmitri Alperovitch, a co-founder of CrowdStrike, told NBC of DarkSide’s recent hacking.

The FBI on Monday confirmed that DarkSide was responsible for the attack on Colonial Pipeline that has experts fearing widespread gas shortages and significant price hikes. The federal agency did not mention DarkSide’s ties to Russia.

The US last month slapped sanctions on Russia for malign activities including state-backed hacking. The Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor.

DarkSide, which cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, said in a statement posted on the dark web that their only goal was to ‘make money’ and not create problems for society.

‘We are apolitical, we do not participate in geopolitics,’ the statement read. ‘Our goal is to make money and not creating problems for society.’

‘From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.’

Despite only emerging in August last year, DarkSide appears to be very organized, experts say.

Those who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

‘They’re very new but they’re very organized,’ Lior Div, the chief executive of Boston-based security firm Cybereason, said. ‘It looks like someone who’s been there, done that.’

DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center and a victim hotline to help facilitate ransom payments.

Experts say DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.

DarkSide’s site on the dark web hints at their hackers’ past crimes with claims they previously made millions from extortion and that just because their software was new ‘that does not mean that we have no experience and we came from nowhere’.

The site also features a Hall of Shame-style gallery of leaked data from victims who haven’t paid up. It advertises stolen documents from more than 80 companies across the US and Europe.

One of the more recent victims featured on its list was Georgia-based rugmaker Dixie Group Inc, which publicly disclosed a digital shakedown attempt affecting ‘portions of its information technology systems’ last month.

DarkSide has previously targeted Enterprise rental cars, Canadian real estate firm Brookfield Residential and an Office Depot subsidiary called CompuCom.

The group has a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.

They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments. They instead go after big organizations that can afford to pay large ransoms and claim to donate a portion of their take to charity.

The group has posted receipts from donations it claims it has made to US charities in the wake of ransom attacks.

As the shutdown entered its fourth day, the Department of Transportation issued an emergency declaration for 17 states and the District of Columbia to help keep fuel supply lines open and the White House organized a federal task force to assess the impact and avoid more severe disruptions. 

The regional emergency declaration relaxes hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in the affected states.

It lets them work extra or more flexible hours to make up for any fuel shortage related to the pipeline outage. 

The Department of Transportation could take additional measures if the outage continues. 

The resulting shutdown has already disrupted fuel supply across the East Coast, triggered isolated sales restrictions at retail pumps and pushed benchmark gasoline prices to a three-year high. 

The line supplies jet fuel to major airports including the nation’s busiest: Atlanta’s Hartsfield-Jackson International. 

The airport expects the outage to be resolved before any impact on flights, a spokesman said.

Colonial is the fifth Atlanta-based company to be hit by a cyberattack in the last year.  

An alternative, smaller conduit that serves the same region has already filled. Kinder Morgan Inc’s 720,000-bpd fuel pipeline had been working with customers to take on additional volumes since Friday and reached full capacity for May on Sunday, a spokeswoman for the company told Reuters.

If the disruption stretches on, fuel suppliers would need to use trucks and rail to transport fuel to compensate.

‘A Herculean effort would be needed from other sources to make up the shortfall (in the East Coast) if the pipeline disruption is prolonged,’ RBC Capital Markets wrote in a note. 

A prolonged shutdown of the line, described as the ‘jugular of infrastructure’ by one analyst, would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to US consumers and the economy. 

Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks are ‘what businesses now have to worry about’ and that she will work ‘very vigorously’ with the Department of Homeland Security to address the problem, calling it a top priority for the administration.

‘Unfortunately, these sorts of attacks are becoming more frequent,’ she told CBS’ Face the Nation. ‘We have to work in partnership with business to secure networks to defend ourselves against these attacks.’

She said President Joe Biden had been briefed on the attack.

‘It’s an all-hands-on-deck effort right now,’ Raimondo said. ‘And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.’

Sources told Bloomberg News that hackers stole nearly 100 gigabytes of data out of Colonial’s network on Thursday before demanding a ransom. 

Experts said that the incident should serve as a wake-up call to companies about the vulnerabilities they face.  

Colonial said it immediately hired an outside cybersecurity firm to investigate the nature and scope of the attack and federal agencies have been called in to assist.  

The FBI has already blamed DarkSide for the cyberextortion attack on the pipeline. 

Colonial, which is based in Atlanta, Georgia, has not yet said whether it has paid or is negotiating a ransom with the hackers.  

Despite only emerging in August last year, DarkSide appears to be very organized, according to cybersecurity experts. 

The hackers cultivate a Robin Hood image of stealing from corporations and giving a cut to charity. Pictured is a receipt the group claims shows they donate a cut of their ransoms to charity

DarkSide finds vulnerabilities in a network, gains access to administrator accounts and then harvests data from the victim's server and encrypts it. The software leaves a ransom note text file with demands (pictured above)

‘They’re very new but they’re very organized,’ Lior Div, the chief executive of Boston-based security firm Cybereason, said. 

‘It looks like someone who’s been there, done that.’

‘It’s as if someone turned on the switch,’ said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.  

Commerce Secretary Gina Raimondo said on Sunday that ransomware attacks are 'what businesses now have to worry about' and that she will work 'very vigorously' with the Department of Homeland Security to address the problem, calling it a top priority for the administration

Average US price of gas jumps 6 cents per gallon to $3.02 

The average US price of regular-grade gasoline jumped 6 cents over the past two weeks, to $3.02 per gallon.

Industry analyst Trilby Lundberg of the Lundberg Survey said Sunday that the increase came as the costs of crude oil and ethanol also rose. Ethanol must be blended by refiners into gasoline, per federal rules.

The price at the pump is $1.05 higher than it was a year ago.

The highest average price in the nation right now is $4.16 a gallon in the San Francisco Bay Area. The lowest average is $2.55 in Baton Rouge, Louisiana.

The average price of diesel is up 2 cents over the same period, to $3.16.

‘Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,’ the group has previously said.  

According to data security firm Arete, DarkSide finds vulnerabilities in a network, gains access to administrator accounts and then harvests data from the victim’s server and encrypts it.

The software leaves a ransom note text file with demands.  

Ransoms average more than $6.5 million and the attacks lead to an average of five days of downtime for the business. 

Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network because some victims are loath to see sensitive information of theirs dumped online. 

Ransom software works by encrypting victims’ data and typically hackers will then offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. 

If the victim resists, hackers threaten to leak confidential data in a bid to pile on the pressure. 

According to some experts, DarkSide’s code is standard ransomware but Div said that what does set them apart is the intelligence work they carry out against their targets beforehand.  

Typically ‘they know who is the manager, they know who they’re speaking with, they know where the money is, they know who is the decision maker,’ Div said.

In that respect, Div said that the targeting of Colonial Pipeline – with its potentially massive knock-on consequences for Americans up and down the Eastern seaboard – may have been a miscalculation.

‘It’s not good for business for them when the US government becomes involved, when the FBI becomes involved,’ he said. 

‘It’s the last thing they need.’

The FBI released a statement on Monday, saying: ‘The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.’
