U.S. Seizes Share of Ransom From Hackers in Colonial Pipeline Attack

Link: https://www.nytimes.com/2021/06/07/us/politics/pipeline-attack.html

Excerpt:

The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.

Investigators in recent weeks traced 75 Bitcoins worth more than $4 million that Colonial Pipeline had paid to the hackers as the attack shut down its computer systems, prompting fuel shortages, a spike in gasoline prices and chaos at airlines.

Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement officials and court documents.

The Justice Department said it seized 63.7 Bitcoins, valued at about $2.3 million. (The value of a Bitcoin has dropped over the past month.)

Author(s): Katie Benner, Nicole Perlroth

Publication Date: 7 June 2021

Publication Site: New York Times

MTA scare highlights public finance cyber woes

Link: https://fixedincome.fidelity.com/ftgw/fi/FINewsArticle?id=202106070952SM______BNDBUYER_00000179-d86e-df56-a3fd-f8fe8d120001_110.1

Excerpt:

Subway safety in New York took on a new meaning when the Metropolitan Transportation Authority acknowleged a cyber intrusion, which set off loud alarm bells about the rising threat of system hacks.

The MTA is one of the largest municipal issuers and reports linked China’s government to the episode.

Despite MTA officials? assurances of quick troubleshooting and no evidence of compromise to its operational systems, employee or customer information, this marked the latest chilling cybersecurity event for public finance.

Author(s): Paul Burton

Publication Date: 7 June 2021

Publication Site: Fidelity Fixed Income

Meat Supplies Tighten as Cyberattack on JBS Snarls Food Chain

Link: https://www.wsj.com/articles/jbs-meat-plants-face-slow-restart-after-cyberattack-11622633982

Graphic:

Excerpt:

A ransomware attack against JBS SA sent shock waves throughout the U.S. food industry and exacerbated tension between Washington and Moscow, even as the meatpacker restarted plant operations.

JBS said most of its plants resumed operations Wednesday, though some shifts and processing operations remained suspended, according to individual plants’ social-media posts.

….

Meat supplies were already tight before the cyberattack. Surging demand from reopening restaurants, along with production problems at meat plants, are driving up costs of bacon, chicken wings and other products as people continue to make big grocery purchases. Some restaurants and supermarkets have raised prices for consumers as a result.

Distributor Gordon Food Service Inc. bought meat from other suppliers Tuesday while JBS plants were offline, said Jagtar Nijjar, Gordon’s director of imports and commodities. Mr. Nijjar said he expected it to take four business days for its normal order flow from JBS to resume. Normally, he said, Gordon gets more than half of its pork from JBS, at least half a million pounds every week.

U.S. cattle producers, meanwhile, said they were waiting to learn whether they would be able to deliver animals to JBS plants on schedule this week. U.S. meat companies slaughtered 105,000 cattle and 439,000 hogs on Wednesday, down 13% and 9%, respectively, from a week prior, according to USDA data.

Author(s): Jesse Newman, Jacob Bunge

Publication Date: 2 June 2021

Publication Site: WSJ

Colonial Pipeline Hack Reveals America’s Vulnerabilities

Link: https://www.governing.com/security/colonial-pipeline-hack-reveals-americas-vulnerabilities

Excerpt:

If you want to get Americans’ attention, hit their ability to drive. Panic buying and gas lines were quickly seen in the Southeast. Midweek, 71 percent of the gas stations in car-burdened Charlotte, North Carolina, were dry.

Ransomware takes control of a company’s or organization’s software or data until the owners make a payment. Even paying a ransom doesn’t guarantee the owners will get control again.

Initial reports said Colonial refused to pay ransom. But Colonial handed over nearly $5 million to the hackers. Bloomberg reports that the payment was in difficult-to-trace cryptocurrency. In exchange, Colonial received a decrypting tool to help restore its disabled network.

DarkSide, believed to be based in Eastern Europe, released a statement saying, “We are apolitical, we do not participate in geopolitics … Our goal is to make money, and not creating problems for society.”

But no one is safe from cybercrime, whether the attacker is a shadowy group or tied to a nation-state, whether they want money or data or to paralyze infrastructure. Whether the victim is an individual who opened an email containing malware or a leading technology company.

Author(s): Jon Talton, The Seattle Times

Publication Date: 14 May 2021

Publication Site: Governing