As President Joe Biden prepares to issue an executive order strengthening cybersecurity for federal agencies and contractors, the cyberhackers responsible for the ransomware attack on the East Coast pipeline said they didn’t want to threaten the nation’s energy grid, but were only trying to “make money.”
“Our goal is to make money, and not creating problems for society,” said the release, which was posted to the group’s website.
The news release, headlined “About The Latest News,” did not mention the attack specifically, and it did not say how much money the group was demanding.
The ransomware attack against the company, which is responsible for the network delivering fuel to much of the east coast, was the latest in a series of cyberattacks on private industry, and has increased concerns about the safety of U.S. infrastructure.
Biden’s proposed order would create a series of digital safety standards for federal agencies and contractors that develop software for the federal government, such as multifactor authentication.
But in the wake of the attack, there are questions over whether the order goes far enough, reports the New York Times.
The new order would also require federal agencies to take a “zero trust” approach to software vendors, granting them access to federal systems only when necessary, and require contractors to certify that they comply with steps to ensure that the software they deliver has not been infected with malware or does not contain exploitable vulnerabilities.
And it would require that vulnerabilities in software be reported to the U.S. government. The order would also establish a small “cybersecurity incident review board.”
The board would be loosely based on the National Transportation Safety Board.
Federal officials concede that the regulations would almost certainly have failed to thwart the most skilled nation-state intrusions and sophisticated disruptions that rocked the government and corporate America in recent months.
While the order could be effective against the kind of ransomware attack that took over Colonial Pipeline’s headquarters, which was less sophisticated than Russian and Chinese cyberattacks, it is unclear if the president’s executive order would apply to the private corporation.
Meanwhile, the Associated Press reports that ransomware gangs like the one that targeted the pipeline have also begun aggressively pressuring law enforcement agencies to pay ransoms on stolen data, including leaking or threatening to leak highly sensitive and potentially life-threatening information.
A threat analyst has counted at least 11 law enforcement agencies affected by ransomware since the beginning of 2020. The attacks are potentially highly damaging when considering the amount of personal information police departments are able to collect and store due to advances in surveillance equipment and technologies such as artificial intelligence and facial recognition software.
The “DarkSide” group said its hackers would launch checks on fellow cybercriminals “to avoid social consequences in the future.” The hackers did not return repeated messages to their website seeking further comment, Reuters said.
According to Bloomberg.com, the pipeline attack was part of a “double-extortion” scheme. Sources said Colonial was threatened that, unless it paid a ransom, the stolen data would be leaked to the internet and the information encrypted by the hackers on computers inside the network would remain locked.
According to a Boston-based cybersecurity firm, Cybereason, DarkSide operates like a service site for hackers, providing hacking tools to any who want them. It described the group as “highly professional,” with a help desk and call-in phone number for victims.
In its release, the group provided its own “ethics” statement, promising to donate a portion of its profits to charities, although some of the charities have turned down the contributions.
“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the hackers wrote. “Today we sended [sic] the first donations.”
Cybereason found that the group is highly professional, offering a help desk and call-in phone number for victims, and has already published confidential data on more than 40 victims. It maintains a website called “DarkSide Leaks,” modeled on WikiLeaks, where the hackers post private data they have stolen from companies.
See also: “Escalating Cyberattacks Threaten National Security,” The Crime Report, May 7, 2021