US passes emergency waiver over fuel pipeline cyber-attack
The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.
The Colonial Pipeline carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, petrol and jet fuel.
The operator took itself offline on Friday after the cyber-attack and work to restore service is continuing.
The US government has relaxed rules on fuel being transported by road.
It means drivers in 18 states can work extra or more flexible hours when transporting refined petroleum products.
US fuel prices at the pump were largely unaffected on Monday, but there are fears that could change if the shutdown is prolonged.
The ransomware surge ruining lives
Travelex being held to ransom by hackers
Independent oil market analyst Gaurav Sharma told the BBC a lot of fuel was now stranded at refineries in Texas.
"Unless they sort it out by Tuesday, they're in big trouble," said Mr Sharma. "The first areas to be hit would be Atlanta and Tennessee, then the domino effect goes up to New York."
He said oil futures traders were now "scrambling" to meet demand, at a time when US inventories are declining, and demand - especially for fuel for cars - is on the rise as consumers return to the roads and the economy recovers.The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.
Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network and locked the data on some computers and servers, demanding a ransom on Friday.
The gang tried to take almost 100 gigabytes of data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.
Colonial's data did not appear to have been transferred from that system anywhere else, potentially limiting the hackers' leverage to extort or further embarrass the company, the news agency said.
On Sunday, Colonial said that although its four main pipelines remain offline, some smaller lines between terminals and delivery points were now operational.
"Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring," the firm said.
It added it would bring its full system back online "only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations".
Ransomware as a serviceThe incident highlights the risk ransomware can pose to critical national industrial infrastructure, not just businesses.
In addition to a notice on their computer screens, victims of a DarkSide attack receive an information pack informing them that their computers and servers are encrypted.
The gang lists all the types of data it has stolen, and sends victims the URL of a "personal leak page" where the data is already loaded, waiting to be automatically published, should the company or organisation not pay before the deadline is up.
DarkSide also tells victims it will provide proof of the data it has obtained, and is prepared to delete all of it from the victim's network.
According to Digital Shadows, a London-based cyber-security firm, DarkSide operates like a business.The gang develops the software used to encrypt and steal data from companies.
It then provides ransomware to "affiliates" who pay DarkSide a percentage of their earnings from any successful attacks.
When it released new software in March that could encrypt data faster than before, the gang issued a press release and invited journalists to interview it.
It even has a website on the dark web where it lists all the companies it has hacked and what was stolen, and an "ethics" page where it says which organisations it will not attack.
How did the attack occur?
Digital Shadows said the Colonial attack was helped by the coronavirus pandemic, with more engineers remotely accessing control systems for the pipeline from home.
James Chappell, co-founder of Digital Shadows, said DarkSide could have bought account login details for remote desktop software such as TeamViewer and Microsoft Remote Desktop."We're seeing a lot of victims now, this is seriously a big problem," said Mr Chappell.
"The amount of small businesses that are falling victim to this... It's becoming a big problem for the economy globally."
Digital Shadows' research shows the cyber-criminal gang is likely to be based in a Russian-speaking country, as it avoids attacking companies in post-Soviet states including Russia, Ukraine, Belarus, Georgia, Armenia, Moldova, Azerbaijan, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan.
Read More : Russian top doctor who treated Navalny emerges from forest
The former head of the Russian hospital that treated Kremlin critic Alexei Navalny last year has emerged from a Siberian forest, having been missing.
Teams using a helicopter and drones spent the weekend searching the swampy area in the Omsk region.
Dr Alexander Murakhovsky, 49, left a hunting base on Friday. He turned up in a village on Monday, looking healthy.
His Omsk team gave Navalny life-saving treatment last year, but Navalny's group suspected them of a cover-up.
Navalny, 44, collapsed on a flight in August and was rushed to intensive care in Omsk, then airlifted to Berlin, where he spent months recovering. Western experts concluded that he had been poisoned with Novichok, a Russian military-grade nerve agent.
Dr Murakhovsky reappeared on Monday in Basly, 32km (20 miles) from the hunting base.
His all-terrain vehicle had been found 6.5km from the base in Pospelovo, another village. The Omsk government said the doctor was "in a normal condition" but was undergoing a medical check.
Two senior doctors at the Omsk hospital died aged 55 and 63 this year. There was no indication of foul play.
The hospital, headed by Dr Murakhovsky until last November, insisted that it had found no trace of nerve agent while treating Navalny.
Read More :
https://rlee.instructure.com/eportfolios/3878/Home/_2021__1080P
https://rlee.instructure.com/eportfolios/3900/Home/_Spiral__From_The_Book_Of_Saw___HD
https://rlee.instructure.com/eportfolios/3916/Home/2021__Spiral__From_The_Book_Of_Saw___4K
https://rlee.instructure.com/eportfolios/3945/Home/__2021_____Spiral__From_The_Book_Of_Saw_HD2021
https://rlee.instructure.com/eportfolios/3962/Home/__2021HD______HD1080p
Alexei Navalny: Russia's vociferous Putin critic
Gaunt Navalny attacks Putin as network is disbanded
The Kremlin has repeatedly denied allegations that Russian state agents tried to kill Navalny. Lab tests in three Western countries, confirmed by the global chemical weapons watchdog, established that Novichok had poisoned him.
A Novichok attack also nearly killed Russian ex-spy Sergei Skripal and his daughter Yulia in Salisbury, England, in 2018. A local woman died from the poison.
At the weekend police, an emergencies ministry team and volunteers searched a swampy forest about 2,200km (1,370 miles) east of Moscow for the missing doctor, who is currently health minister for the Omsk region.