Why was the US oil company forced to pay 5 million ransoms?

A major oil company in the United States has reportedly paid a 5 million ransom to the Internet criminal gang Dark Side. The US oil company Colonial Pipeline failed to operate for five days as a result of a ransom cyber-attack, which cut off oil supplies to many parts of the United States. 

The hacking of the Colonial Pipeline was seen as the biggest attack on a major national infrastructure in history. US media outlets CNN, The New York Times, Bloomberg and The Wall Street Journal quoted sources as saying the ransom had been paid. The Colonial Pipeline said Thursday that the company would not comment on the news.

After a five-day shutdown, oil supplies were restored on Wednesday. Colonel has said it will take a few days for its oil supply system to return to normal. The 5,000 mile pipeline supplies 2.5 million barrels of oil per day to the eastern United States. The cut-off was prompted by rising diesel and petrol prices across the United States, forcing several states to declare a state of emergency.

According to the American Automobile Association, oil prices reached their highest level since October 2014. The Japanese company Toshiba said on Friday that its company's European division in France had suffered a similar attack on May 4 by hackers.

According to the cyber reporter, the "payment of ransom" is a major setback for President Biden, who this week signed a decree strengthening the cyber security system.

How does the dark side work?

Cyber security firms have told the reporter that the "dark side" enters a company's system to obtain sensitive information and then demands a ransom to recover the company's information if they do not receive the money then they will delete it. Dark side actually develops the software that is used in the attack and then those who use it contribute to the Dark Side of the ransom.

In response to claims that the Dark Side's actions were politically motivated, the Dark Side stated on its website that "our goal is to make money, not to create problems for society." He said he did not know that those using his software were attacking the Colonial pipeline, which caused problems for people.

The Dark Side also said it would introduce a system that would allow them to see which companies using their software were attacking the company and whether it would cause people trouble. Reuters reported on Friday that access to the Dark Side's website was blocked.

How can a pipeline be hacked?

The image of the oil industry in the minds of many is based on pipes, pumps and greasy black liquids. But in reality, a modern operation such as the colonial pipeline is highly digital. Pressure sensors, thermostats, valves and pumps are used to monitor the flow of diesel, petrol and jet fuel in pipes that stretch over hundreds of miles. Even Colonial has a high-tech 'smart pig' (pipeline inspection gauge) robot that checks for faults in its pipes. All these operational technologies are connected to a central system. The Colonial Pipeline supplies 2.5 million barrels of oil per day and John cyber expert at Checkpoint, says there is a risk of a cyber-attack where there is contact.

All the equipment used to run modern pipelines is now controlled by computers, not humans, he said. If they are connected to an organization's internal network, and are exposed to cyber-attacks, the risk of attacks on the pipeline increases.

How did the hackers get in there?

Experts say direct attacks on operational technology are rare because their systems are generally better protected. Therefore, it is possible that hackers gained access to the colonial computer system through the business administration. Sources said: We have seen some of the biggest attacks start with an email. For example, an employee may be tricked into downloading malware.

We have also seen examples in recent days where hackers have taken advantage of vulnerabilities in third-party software. Hackers leave no stone unturned to enter a network. Hackers may have been inside the colonial's IT network for weeks or months before the attack.

It should be noted that in the past, criminals have wreaked havoc after finding ways to enter operational technology software programs. In February, a hacker gained access to the Florida city's water system and tried to add a dangerous amount of a chemical to it. Similarly, in the winter of 2015-16, hackers in Ukraine tampered with digital switches at a power plant, affecting thousands of people.

 How can this be prevented?

The easiest way to protect operational technology is to keep it offline, meaning it has nothing to do with the Internet. But it's becoming harder for businesses to do so as they rely more on fast-paced tools to improve performance. Cyber security expert says that traditionally companies used to do something like 'air gaping'. This ensured that key systems were run on separate networks that were not connected to external networks. However, in today's changing world, more and more things are becoming dependent on communication.

Who are the hackers?

The according to FBI that the Russian-based Dark Side is responsible for the relatively new group, but that it is largely responsible for ransomware. Cyber Defender Arms believe that it is unusual for criminal groups to attack critical national infrastructure and that such attacks are a cause for growing concern. We are now seeing ransomware groups (hackers for ransom) experimenting, he said Where important public service items are linked online; they are more likely to be redeemed. Interestingly, the group has posted an apology for the hack on its Dark Net website.

Although not directly referring to the Colonial invasion, Today's News states that our goal is to make money, not to create problems for society. From today, we will pursue moderation and examine every company that our partners want to target in the future in order to avoid its social impact.

Like many ransomware groups, Side runs an affiliate program for their partner that uses their malware to carry out attacks and in return receives a certain percentage of the ransom. Earlier, Side said it was about to start donating some of the money to be raised for charities.

How can important services be saved?

Experts have long been concerned about the hacking of key national infrastructure. Last month, a global coalition of expert ransomware task forces called it a national security threat. The group says governments need to take immediate action to stop secret ransom payments. They also want to put pressure on countries such as Russia, Iran and North Korea, which are regularly accused of harboring ransom-seeking groups.