The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms
Dan Golden
@DanLGolden
Turns out the Ransomware Hunting Team (which Renee Dudley and I are writing a book about) found a flaw in DarkSide's code and built a tool that could have rescued Colonial Gas. But an antivirus company publicized the same flaw, and DarkSide fixed it.
The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms
Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company's announcement alerted the hackers.
propublica.org
7:48 AM · May 24, 2021
https://www.propublica.org/article/the-colonial-pipeline-ransomware-hackers-had-a-secret-weapon-self-promoting-cybersecurity-firms
On Jan. 11, antivirus company Bitdefender said it was happy to announce a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the U.S. and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.
But Bitdefender wasn't the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that new companies have nothing to hope for.
"Special thanks to BitDefender for helping fix our issues," DarkSide said. "This will make us even better."
DarkSide soon proved it wasn't bluffing, unleashing a string of attacks. This month, it paralyzed the Colonial Pipeline Co., prompting a shutdown of the 5,500 mile pipeline that carries 45% of the fuel used on the East Coast, quickly followed by a rise in gasoline prices, panic buying of gas across the Southeast and closures of thousands of gas stations. Absent Bitdefender's announcement, it's possible that the crisis might have been contained, and that Colonial might have quietly restored its system with Wosar and Gillespie's decryption tool.
*snip*
The Colonial Pipeline Ransomware Hackers Had a Secret Weapon: Self-Promoting Cybersecurity Firms (Original Post)
Nevilledog
May 2021
OP
getagrip_already (14,837 posts)
May 2021
#1
1. Let's not forget that the pipeline remained secure and functional, Colonial shut it down...
Because it wouldn't be able to bill for transport if they kept it running.
It was a financial decision, not a security-based decision. The same bean counters who wouldn't provide budget to secure their network in the first place.