At a glance.
- US Government responds to the Colonial Pipeline ransomware attack.
- Australia, US warn of Avaddon ransomware.
Update: US Federal response to the Colonial Pipeline ransomware attack.
Bloomberg reports US President Biden’s comments that Russia bears “some responsibility” for addressing the Colonial Pipeline attack, and that he’ll be “pursuing a global effort” against ransomware. The Treasury Department is working to develop international standards for cryptocurrency, and if necessary in the short term, President Biden could pause Jones Act limitations on which ships can transfer goods domestically.
On Monday the FBI officially attributed the attack to DarkSide, according to FCW. Deputy National Security Advisor for Cyber Anne Neuberger described the group in a press briefing as a “criminal actor” and “ransomware as a service” provider not currently known to have nation-state ties. The group has been under Federal investigation since last October, and styles itself as principled and “apolitical,” CNBC notes, although it avoids Russian-speaking targets, per Radio Free Europe.
The Cybersecurity and Infrastructure Security Agency is prepping an advisory for critical infrastructure operators, and the FBI has already distributed “indicators of compromise and mitigation measures,” FCW says. The Department of Energy also shared information and advice with oil, gas, and electric utilities.
Last Friday, the Departments of Energy, Defense, Treasury, Transportation, and Homeland Security held an emergency meeting. While Colonial hasn’t requested “cyber support” from the Government at this point, Neuberger said, Federal partners are “standing by” and launching a “whole-of-government” response, according to MeriTalk. This response involves a four-point plan to communicate with Colonial, investigate the attack, share information, and combat ransomware.
Congress isn’t sitting this one out, either. Representative Katko (Republican, New York 24th) warned that “substantial Congressional oversight” is on the way. Senator Sasse (Republican of Nebraska) suggested that any infrastructure bill should focus on “hardening of these critical sectors, rather than progressive wish lists masquerading as infrastructure,” and Senator Warner (Democrat of Virginia) observed that “our nation’s cybersecurity hasn’t kept pace with our ever-increasing reliance on digital systems.” Representative Langevin (Democrat, Rhode Island 2nd) is “monitoring [the situation] closely.”
US FBI and Australian Cyber Security Centre flag Avaddon ransomware.
BleepingComputer summarizes the FBI and Australian Cyber Security Centre’s alerts about Avaddon ransomware. Active targets include Government, law enforcement, energy, healthcare, education, transportation, manufacturing, IT, and finance organizations in the US, Australia, UK, Germany, France, Spain, India, UAE, Brazil, China, and other countries. The perpetrators threaten DDoS attacks in the event of non-payment, but haven’t been seen to follow through. First observed in early 2019, Avaddon now runs a ransomware-as-a-service operation that avoids targets in the Commonwealth of Independent States (that is, former Soviet Republics that remain in the Russian sphere of influence).