Ransomware Shuts Down US Pipeline

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. The pipeline supplies much of the East Coast. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it. The White House has declared a state of emergency and has created a task force to deal with the problem, but it’s unclear what they can do. This is bad; our supply chains are so tightly coupled that this kind of thing can have disproportionate effects.

EDITED TO ADD (5/12): It seems that the billing system was attacked, and not the physical pipeline itself.

Posted on May 10, 2021 at 2:17 PM70 Comments


Chelloveck May 10, 2021 3:09 PM

What’s in the articles but not in Bruce’s summary:

  • The ransomware both exfiltrated the data and encrypted it. The threat of public release of the data is in addition to the usual ransomware demand to pay up to get the decryption key.
  • It doesn’t appear that the actual operations computers were attacked. They closed the pipeline “as a precautionary measure”. This suggests that Kurt Seifried’s link may be correct — they can operate the pipeline, but the billing systems are down.

If the above is correct, it’s not exactly a national emergency. It’s a financial crisis for the company, sure, but it sounds like they could resume pumping the oil and eat the financial losses if they so chose.

I still fail to understand why ransomware attacks are catastrophic. Seems like at worst it should be a case of, “Well that sucks, we’re going to lose a couple days while we restore from backup.”

SocraticGadfly May 10, 2021 3:17 PM

@Chellovek In the case of government ransomware of which there’s been multiple incidents in Texas, like the state supremes, it IS a big deal. If you can’t get legal case histories, or in the case of my county’s jail, inmate old records, it DOES screw stuff up.

Anders May 10, 2021 4:55 PM



I’m losing counts here … is this already Guccifer 3.0?
or 4.0?

SpaceLifeForm May 10, 2021 5:43 PM

@ Chelloveck, Clive, ALL

One must test their backup and recovery procedures. Frequently.

Most orgs do not. Bit-rot is a thing.

tfb May 10, 2021 5:47 PM

How did we get here? When did it become obvious to everyone that much worse versions of this were coming down the (ahem) pipe? 2000 has to be a conservative guess: I bet it’s really the 1980s. And what was done to prevent it? Was anything done at all? How long before someone takes all of AWS away or kills all the banks (who probably all are using tools which have privileged access and automatically download vendor updates from a single vendor with the resultant obvious catastrophe lurking) or something equally apocalyptic?

SpaceLifeForm May 10, 2021 5:59 PM

@ Anders, Clive, ALL

In case you missed it in the noise


Speaking of Just-in-Time, Supply Chains, and Texas…


A source who works for a large midstream oil company that feeds fuel into Colonial’s pipeline told Zero Day that the control systems for his company’s tank farms connect directly to control systems at Colonial Pipeline and that as soon as they learned about the ransomware incident on Saturday, they disconnected those systems to prevent the ransomware from traveling to their systems from Colonial’s networks.

He told Zero Day that his company has had to scramble to figure out what to do with the oil and fuel they have sitting in tanks and that they have received no word from Colonial about when the pipeline will be back online.

“We had a big batch scheduled today [to go to Colonial],” he told Zero Day. Instead they have to figure out other storage options for the fuel or reduce capacity in the refineries feeding the tanks. They also have to keep the material in the tanks moving with mixers or it will “stratify and affect product quality,” he said.

His company was told that Colonial’s main pipelines would “not be fixed in 1-2 days, but won’t take six weeks.” He’s not sure why Colonial would provide such a wide-ranging time period but said it’s “very concerning for our interests.”

“We gotta find storage for refineries [and we] might run out [of storage] it takes too long. Then refineries [will have to] cut back. Problem escalates,” he said.

MarqueJaune May 10, 2021 6:17 PM

Ticketing system down, apparently they can only bill costumers manually… so pipeline got shut down…

Looks like it’s the same company (same pipeline?) responsible for this massive spill

Maybe some sloppy engineering going on over there?

SpaceLifeForm May 10, 2021 6:33 PM

@ Anders, Clive, ALL

The odds are strong that FERC, CISA, NSA, FBI, and IRS are ‘ON THIS’, like an immune system responding to a vaccine. (AKA, FOS)

Darkside went too far over their skis.


“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said in a statement.

Anders May 10, 2021 6:41 PM

@SpaceLifeForm @Clive @ALL

Yes, i did read it. The truck drivers shortage is
interesting problem…i wonder how they will resolve
that quick enough?



Etienne May 10, 2021 7:21 PM

Proxy servers should be registered like machine guns. Anyone caught running a proxy server would have 10 years and $50k fine added to their sentence.

Next I would regulate bandwidth into/out of countries declared to be combatants. To the point of shutting them down, if necessary.

I would include satellite Internet systems in this list.

The days of allowing unrestricted Internet access are over.

Secondly, I would make it a federal crime to hook up national infrastructure to the Internet. All such entities should be on a military network, using encryption hardware issued by the NSA.

Fed.up May 10, 2021 8:11 PM


I agree with your ideas but I would go a step further. The tech industry is the only sector in the critical infrastructure that isn’t legally required to “KYC” their customers – validate identify before doing business.

To FB’s credit they even validate their US members.

The MSFT and SolarWinds breaches were executed on public cloud infrastructure in the USA. Like 9/11 our lackadaisical attitude toward securing our infrastructure is enabling it to be used against us.

Money laundering laws don’t only apply to financial services, they are relevant to all financial transactions. I find it incredulous that I cannot get electricity to my home without giving my social security number, but someone can rent AWS services with a gift card.

For those that hate regulations – laws are a result of business making stupid choices and not exercising common sense.

SpaceLifeForm May 10, 2021 11:38 PM

@ Anders, Clive, ALL

Dots. Took some time, but I am confident that colpipe.com uses both AWS and SolarWinds.

Any chance that means nothing? 😉

Robert May 11, 2021 1:37 AM

Ransomware meets the real world (scary stuff)
But lets be honest, this is the holy grail of ransonware because it’s not just about data you forgot to backup.
You’d think that everyone would be so scared that they’d avoid unnecessarily connecting their real time control, or even their systems / billing control to anything even remotely Internet accessible but you’d be wrong.
These days there are all manner of systems connected directly to the internet that are accidents just waiting to happen, or Ransomware opportunities depending on your perspective.

Trouble is that these internet connections seem so logical when you are wanting to monitor large machines from places other then the belly of the large machine. Someone in the service department proves that they can work remotely if they just add a WiFi connection to a …. and they’re right they’ve made their job easier but in the process is they also made it easier for anyone to attack the system and potentially wreak havoc.
Frankly I’m surprised that we haven’t seen more of these attacks, I’m guessing part of the reason is that there’s still so much lower hanging fruit out there that nobody has to work to hard to make a living in the Ransomware business.

Clive Robinson May 11, 2021 2:07 AM

@ Bruce, Etienne, Fed.up, ALL,

This is bad; our supply chains are so tightly coupled that this kind of thing can have disproportionate effects.

It is the logical consequence of not regulating a market.

Basically due to short-termist thinking the US and other Nations that have favoured neo-con thinking over the past third to half century or in some cases longer, have alowed those supposadly in charge to compleatly “hollow out the infrastructure” with near zero maintainence and a compleate disregard for security and safety.

@ Etienne, Fed.up, ALL,

The “ban the technology” solution will not in any way fix the problem, history has taught us that over and over again with more conventional crime. All that will happen is that those involved will just evolve a different stratagem for communications, carrying out their activities and the transfer of finance etc etc.

Oh and as always legislators will be stupid and come out with legislation so broad in scope that they can make you guilty without you having actually done anything (see UK RIPA as an example with similar in Australia, as well as US legislation).

As I keep saying,

1, Technology is agnostic to use.
2, The good or bad of technology use is an entirely human “Point Of View”(POW).
3, The use of technology is entirely dictated by a “Directing Mind”.

Failing to understand any one of these three points has led almost invariably to bad or impossible legislation or regulation, that does not stop the intended problem in any way, the Directing mind simply out evolves it.

But what such bad legislation or regulation does create is hundreds if not thousands of other problems with the result that all such legislation and regulation does more harm to society than the original problem did, by a very long way.

If you want to actually stop these problems then controlling technology is going to fail, no ifs, no buts, no maybees, it fails every time. Historically like all religions and political systems before it the Roman Catholic Church tried it over and over and each time it failed. Likewise arms control and even Weapons of Mass Destruction it all fails, as will any attempt to stop the use of secure communications, or other technology.

The solution is not controling technology but the “Directing Minds”, that is those who actually made the problem in the first place, and legislate / regulate against them. But as they are the ones that make political donations and employ lobbyists to buy the direction of legislation, thus stop their dangerous behaviours from environmental polution, dangerous work place practices, and upwards being made illegal, you are first going to have to stop those backhanders and other inducements.

But “Being tough on technology” will work even less well than “Being tough on crime” which has “failed, failed again, and continues to fail, and will always fail”. Just like most other stupid knee jerk political mantra it’s designed to fail “profitably” for “the chosen few”. It almost always works because people who do not think the problem through fall for every time, thus those responsible walk away with even more “prevention” tax dollars in another endless “War on XXX”. As for those that created the problem in the first place, they will probably get “bailed-out” by tax dollars as well, either directly via regulation to clean up the mess they have created or when disaster strikes they are alowed to get away with it…

Winter May 11, 2021 2:29 AM

“Oh and as always legislators will be stupid and come out with legislation so broad in scope that they can make you guilty without you having actually done anything ”

That is what you get in a police state, e.g., the USA (&UK?).

But there is already cryptocurrency regulation underway.

It is pretty simple, money has to enter and leave the blockchain. Every Bitcoin can be traced back to it’s origin. Any cryptocurrency value which did not come from a KYC money account is blacklisted and cannot be exchanged for fiat currency anymore. Which means that Bitcoin will be split into whitelisted coins traceable to vetted bank accounts and unlisted coins, that no legal businesses will touch.

There will be black market coins, but these will have great difficulties getting back to cash and regular bank accounts.

Will it be perfect, no. But it only has to be less convenient than cash.

PS: Think “Breaking Bad”, where Walter White sat on a cubic meter of dollar bills. The only thing he could think of was to bury it.

Ismar May 11, 2021 3:51 AM

Here we are again, citizens paying for companies mistakes.
Solution is quite easy- force the company to supply free fuel until they fix their payment systems

Winter May 11, 2021 4:50 AM

“Here we are again, citizens paying for companies mistakes.”

Not quite. This is like the Texas Freeze and Hurricane Katrina, the periodical fires in California, or the Western U.S. energy crisis of 2000 and 2001. In all these cases, important infrastructure and utility services were either not maintained to standards or not covered legally to ensure function.

Other areas are, e.g., broadband internet, law enforcement, and basic health care, to name a few orthogonal social and economic needs, which do not serve large sections of the population.

The point being that the US political and legal systems are unable to enforce minimum infrastructure and utility services. Any disruption by weather outliers or other outside interference drives the system to collapse.

Clive Robinson May 11, 2021 5:06 AM

@ Winter,

Any cryptocurrency value which did not come from a KYC money account is blacklisted and cannot be exchanged for fiat currency anymore.

Not true, unfortunately, it’s premised on the notion that all banks will behave to a set of rules put in place by an entity they have no legal or regulatory relationship with. Especially when the banks know that the entity concerned will not play by it’s own rules.

You have to remember the biggest crooks in “money laundering” are “Sovereign Treasuries” and their nominated banks.

Thus the US will set up via the Federal Reserve a bitcoin “black list” as they see fit. But the US Government will move bitcoin from that blacklist for various reasons (effectively asset seizure legislation and the like). Other countries will do the same thus you will end up with “flavours of bitcoin”, just as we have “national fiat currencies”.

So when you consider China mines by far the majority of bitcoin and they also manufacture for or supply raw materials to so many other nations… that their whitlist will probably become the international standard if Bitcoin gets taken seriously.

But also consider what the US thinks it could do with such “blacklist power”. In theory it could see all the Bitcoins held by a national or corporate or provate entity and at the stroke of a keyboard make all their Bitcoins worthless… Do you realy think other Nations would ceed such power to the US? Lets just say it’s unlikely they would more likely make the holding or use of Bitcoin illegal, not just in their jurisdiction but take a leaf out of the US legislators loony two tunes mentality and make it clear their legislation applies “without jurisdictional limits” and back it up with the threat of “Guard Labour” force, at which point Bitcoin investors might start suffering from the crippling effects of “long gun fever”.

Various Governments have tried to put in place “Know Your Customer”(KYC) for many many decades, but ever since the breaking of the Bretton-Woods Gold pricing by bonds it became clear that such control not only can not work, it’s actually undesirable from the neo-con economic perspective.

Back when Tony Blair was PM in the UK, he tried pushing KYC onto banks, and banks threw it straight back again by saying they wanted around 430GBP per new account from the UK Government to meet the proposed UK legislative requirment. So the legislation got watered down.

It did not take identity fraudsters very long to realise how easy it was to get around the rules. In essence all they did was divert mail and reregister one or two basic utilities to their pseudonym having first got an identity document in that pseudonym.

For those a little further up the criminal tree stealing existing but quiesent bank accounts via insiders at call centers “outsourced in other countries” was the way to go.

Another technique is to buy up a limited company or similar and use their banking facilities to leverage other banking facilities.

Whilst seting up a limited company from scratch is not that difficult to do, you can purchase them “off the shelf” some used to come with basic “banking facilities”.

But the current prefered way to do things for many is the “Limited Liability Partnership”(LLP).

There are way to many rules, and thus there are edge and corner cases if not loop holes you can fairly easily exploit if you know what you are doing.

Look up Estonian “e-Passport” rules if you want a real eye opener. I was considering going down that route to have freedom of movment in Europe after Brexit, but decided in the end there was another way to achieve the same thing if I ever needed it.

[1] Identity documents are funny things, supposadly they are all tracable back to a “birth certificate” which is not exactly difficult to get hold of a copy. For obvious reasons birth certificates have no real recognisable bio-metric attached after all rumour has it we all look like “Winston Churchill” when we are born. It’s one of the reasons why Stella Rimington who was head of MI5 upset quite a few politicians and the lobbyists that thought they were going to make billions out of a National ID system, when she said no ID document could ever prove “who you actually are” only “The name it says you are”. Israel for instance, is known to encorage those who emmigrate there, not to revoke their previous national ID, but to “donate” their other nation ID documents to the Israeli Government… But if you know what you are doing and you plan ahead it’s actually not difficult to get a passport in a different name, one way is to get married and change your name, get new accounts in the married name and at some point get divorced having carried on using your old accounts throughout. But there is a fun side to ID documents, what are they? Well just about any “Government Agency” issued document will do. A friend who became bankrupt through no fault of their own when they became “discharged” used the UK Court issued paperwork which has no biometric information to open a new bank account. Apparently the young lady in the bank was surprised and went and saw the manager who OK’d it then and there, she just photocopied it and put it in the file… An interesting point is if you get arrested for some criminal act, if you have no ID and the police can not show you are not who you claim to be, then that is the name you get convicted under. Thus getting a new ID as a “Person legal or natural” is not as hard as it’s made out to be, then getting all the trappings of being a “person” such as driving licence, bank accounts, national security/tax ID, job then follow on. So KYC is a myth and for various reasons always will be in the foreseeable future, to exploit it you just have to know how the rules work, then work them to your advantage.

wiredog May 11, 2021 5:07 AM

I’m sure they have backup and failover systems, I’m also sure they never tested them. Because what if you run a test and the failover fails and then you can’t switch it back? That, at least, was the excuse a (former) contractor for a USG IC system had for not testing it…

Former, because one day the power to the Big Server Room failed.

The $15 relay that was supposed to drop and cause the big diesel generators to start didn’t drop.

The Cisco switch that was supposed to tell the backup site to pick up had never been tested, and was misconfigured.

And a system that was used by the bureau, worldwide, went down without warning. Oops. And we never did determine if any data was actually lost in transit.

Clive Robinson May 11, 2021 5:14 AM

@ Winter, Ismar,

The point being that the US political and legal systems are unable to enforce minimum infrastructure and utility services.

Don’t stop there, go on as to why other countries do not have these same issues…

If they can fix the problem why can the US not fix the problem.

It’s a question every US citizen should be asking their representatives. Just to see what lies prevarications and other tripe if any come back from those they vote for, and are supposed to be accountable to the voters.

Winter May 11, 2021 5:27 AM

” it’s premised on the notion that all banks will behave to a set of rules put in place by an entity they have no legal or regulatory relationship with.”

These new rules will be enforced just as good or bad as the current KYC and AML laws.

All jurisdictions that want to trade with the USA, Canada, Japan, EU, or UK will have to implement and enforce them. All banks that want to trade with these economies will have to obey them.

xcv May 11, 2021 5:30 AM

@ Fed.up

Enough with this crypto BS. Sorry Elon.

Crypto needs to be regulated out of business, then this will stop

Bitcoin, Dogecoin, other cryptocurrencies, sure, regulate them out of business. But now we are left with the basic building blocks of bad crypto like AES and SHA-256/512 whatever, which are no longer adequately secure for “essential” everyday use.

Remember the whole DES saga with weak keys, and the short work of cracking even the 56-bit good keys and the 3-DES hack to extend its lifetime before AES rode in on a white horse?

Sheilagh Wong May 11, 2021 5:39 AM

A precedent for this sort of thing was started with Stuxnet. Did the Americans not think that this would come back at them? True that this was an attack on the industrial capacity of a sovereign state, but so was Stuxnet. If this crime has to be prosecuted and the perpetrators brought to justice then so do the Stuxnet perpetrators need to be brought to justice, and the United States should reveal what it knows. What’s good for the goose is good for the gander.

Winter May 11, 2021 5:53 AM

“But now we are left with the basic building blocks of bad crypto like AES and SHA-256/512 whatever, which are no longer adequately secure for “essential” everyday use.”

I do not understand what you mean here? What is the relation with cryptocurrencies?

Givon Zirkind May 11, 2021 6:26 AM

Chelloveck: Using an analogy from backups and other computer disasters (disk crashes), losing business creates a hit. The loss can be so great as to bankrupt a business. If as you say, the billing information has been lost then, the worst case scenario has occurred.

Givon Zirkind May 11, 2021 6:33 AM

@Etienne well stated. pulling the plug is the best solution. blocking enemy states & friendlies is a necessity. disconnecting, from the internet or whatever, isolation, is a good prevention. and; nsa approved equipment–I assume they won’t be built with Communist Chinese components, correct?

Givon Zirkind May 11, 2021 6:43 AM

@Clive You are right in that “being tough on…” isn’t a solution, but isolation is a valid security measure.

@etienne proposes cutting off bitcoin / anonymous transactions. the idea is akin to what killed pirating. if you can’t dock your boat, what’s the point on pirating? without being able to be paid, what’s the point of ransomware?

Petre Peter May 11, 2021 6:48 AM

I am wondering if this will affect oil prices. Also, I don’t think that nation states will go for ransomeware attacks since they are probably well funded but maybe that’s what they want us to think.

Givon Zirkind May 11, 2021 6:51 AM

One good thing that has come out of this incident is, that Colonial did not pay the ransomware. The debate to pay or not to pay seems to be over. Don’t reward and encourage bad, criminal or terrorist behavior.

Another good thing that has come out is the reversal of DarkSide “that we never intended to harm.” They know they went too far. This is not just a ransomware attack, it is a real serious cyberattack attacking US infrastructure that has many ramifications. Fuel, financial, industrial, transportation–which will affect everything–groceries, framing, healthcare, pharmaceuticals. The repercussions should & could be severe–both to DarkSide and any country giving them safe harbor–if the Biden administration has the spine to do it. In fact, it could lead to a united front to hunt down DarkSide and shut them down with prison sentences. The response to this event will set a precedent.

Givon Zirkind May 11, 2021 7:00 AM

@Wong Stuxnet was different and does not compare to the Colonial Pipeline attack. Stuxnet was a military target and not infrastructure. Stuxnet never asked for ransom nor, wanted ransom. Stuxnet was a subtle, life preserving attack instead of bombing a belligerent nuclear weapons facility. For which the Iranians, ought to take heed and be thankful. Otherwise, one day, someone is going to blow up that reactor and there will probably be lots of collateral damage as well as scientists being killed–intentionally.

Taking out a military research facility or reactor is not the same as shutting down a bridge, the electric grid or; petroleum distribution to the pumps of civilians and; asking for ransom to restore the process.

Frank Wilhoit May 11, 2021 7:20 AM

@Givon Zirkind,

  1. If they say they did not pay, that is pretty hard proof that they paid.
  2. Intentions do not matter. Only modalities matter. You do not protect against intentions; you protect against modalities. Remember the Einstein anecdote about the weapons of World Wars III and IV. It is now clear that the weapon of WW III will be software and that the war will begin and end with a single keypress.

JonKnowsNothing May 11, 2021 11:55 AM

@SpaceLifeForm, @Clive, @All

re: Connected Infrastructure: If one fails they all fail

SpaceLifeForm: at the control systems for his company’s tank farms connect directly to control systems at Colonial Pipeline

Clive: Basically due to short-termist thinking the US and other Nations that have favoured neo-con thinking over the past third to half century or in some cases longer, have alowed those supposadly in charge to compleatly “hollow out the infrastructure” with near zero maintainence and a compleate disregard for security and safety.

In the rear view mirror:

This was predicted and determined to be a failing long ago, when the USA still had manufacturing factories in country. At the start when JIT (Just in Time) Inventory systems became fashionable.

JIT is a inventory storage push back to manufacturers/suppliers. Companies no longer hold their own inventory for long production cycles (months, years) they pushed the storage back up the supply chain. Those companies holding the inventory were able to tack on an additional charge to cover the “Delivery In Time” increasing their bottom line numbers while still holding full-pay contracts for the same goods.

At first there were perpetual rounds of inventory counts, correcting errors in inventory numbers. Lots of ICs/CPUs were stored in desk drawers because the main inventory was unreliable. Periodic “Turn Out Your Desk Drawer” company raids happened and the inventory numbers were a bit cleaner.

Then they added automatic reorder points. If less than X, flag for reorder. The first passes here were manual orders and alert reports, verified by manual audit-spot inventory check. Then came the automated versions.

For trusted suppliers, there came both the automated reorder followed by automated billing and automated payment. (1)

This automated reorder+billing failure where the problem lies. It was known years ago because it ties the customer to a limited number of suppliers, sometimes only 1.

A single point of failure, cascading to every one with a system dependent on that point of failure.

Like other forms of security, it didn’t just get ignored, it got swept under the rug as the velocity of cash flow increased. The velocity of cash fueled the appearance of profitability and our current corporate system pocketed the “surplus” cash in their private off shore accounts.


1, Auto-bill / Auto-pay / Direct Deposit are the common automated systems in use both commercially and by banking individual customers. The upcoming failures will be in “Tap To Pay” systems, designed solely to increase the velocity of money.

lurker May 11, 2021 12:26 PM

@Robert: Ransomware meets the real world (scary stuff)

In the real world this is too soon since Maersk for a workable solution to be found; and that was so long ago the short term profiteers have forgotten it.

Winter May 11, 2021 12:35 PM

“This automated reorder+billing failure where the problem lies. It was known years ago because it ties the customer to a limited number of suppliers, sometimes only 1.”

The deeper problem is that
efficient == fragile

Efficiency is incompatible with robustness. Any ripple in the environment will lead to problems.

Maximizing medium term profits requires maximizing efficiency. In the long term it is inevitable that the most efficient companies will fail first. However, market forces will have wiped out the more robust less efficient parties first, I am afraid.

Clive Robinson May 11, 2021 2:31 PM

@ JonKnowsNothing, Winter,

The velocity of cash fueled the appearance of profitability and our current corporate system pocketed the “surplus” cash in their private off shore accounts.

Back in the early 1990’s having taken a very serious look at “micro/nano” payment systems as a potential MSc thesis I asked the “reader” what I considered at the time a very pertinent question,

“Bearing in mind it is claimed that information will be the new economy, what is the value of information in transit?”

Nearly three decades later with the likes of Bitcoin making just a handfull of bits worth a million dollars most can see why the question was a pertinent one. Back then very few including the reader “grocked it” even when I mentioned “Seniorage” (the intrest earned on money in circulation rather than in savings or loans).

Even back then I was more than aware of what “crypto coins” were and why they were compleatky infeasable for day to day or low value transactions. Look at it this way, cryptography costs CPU cycles which costs both electrical power and poor returns on rapidly devaluing assets, who is going to accept a coin that costs more to process than it’s face value, or even a sizable fractio of it’s face value?

My bet back then was usage of telephone billing systems, which had been optomised to deal with very small value variable accounting costs[1]. But such phone billing systems have more or less gone so I kind of guessed wrong. But even I was supprised when in Iraq and other places “pay as you go phone cards” became the equivalent of cash[2].

The point is that all these “Crypto Coins” are realy pyramid schemes for chancer speculators many of whom “mined” their coins when the generation cost was marginal even on an old PC. But the transaction costs are so high only an idiot would use them for ordinary every day transactions.

Thus they are turning into “Three shell and pea games” where aside from criminal activity where transaction and translation costs are high and bourn by the victim, most other “activity” is in effect “artificial churn” by speculators to “increase the velocity thus perceived value”.

[1] The reason you get free texts and phone calls on mobile phones these days, is variable billing costs are effectively so high they are not worth calculating, let alone collecting, even by monthly Direct Debits. Which are now considered an expense to be got rid of as quickly as possible. Thus you can also expect Mobile Data to become effectively free in that you will get 100GByte or more at fixed rate. Going over at the moment gets swingeing costs such as a two GBP/megabyte likewise “picture messaging”… Which is mainly to pay for the accounting systems thus hard capping or rate limiting is far less expensive and technically way easier to deal with.

[2] Most cards had the advantage that as they actually purchased “units of service” they had an inflation linking mechanism behind them, the same as postage stamps that once used to be used to pay “sales tax” if you purchased a large number of “service” rather than “value” stamps then they were effectively inflation proof. Some years ago I purchaced 100 1st Class stamps when I had a company so not only did I get a third of their value back by reducing tax liability that year, the value back then is now about 1/6th of the cost of a 1st Class stamp today so a way better investment than any other I made at the time (actually they might be worth more, because they are “special commemeration” limited edition stamps)…

Anders May 11, 2021 3:22 PM



Jon May 11, 2021 6:41 PM

@ Winter :

See also W. Gibson’s “Spook Country”. What do you do with a shipping container filled with US$1B in cash?

SpaceLifeForm May 11, 2021 7:06 PM

@ Etienne, Givon

One may not want to shutdown the pipeline when there is good backflow.

SpaceLifeForm May 11, 2021 7:25 PM

@ lurker, Robert

Keep in mind that Maersk had backups, but also keep in mind they got lucky due to a power failure.

The main point to always keep in your mind, is that all of these attacks on infrastructure, are actually attacks in windows software.

If you are dumb enough to only use windows, you should expect to be attacked.

It really is that simple.

lurker May 11, 2021 8:18 PM


But even I was supprised when in Iraq and other places “pay as you go phone cards” became the equivalent of cash.

When was this? In the 1970s I was surprised to be given odd looking “coins” for change in Italy. The Italian phone operator had given up chasing inflation, and sold tokens for pay-phones at a price of whatever it was on the day. Perhaps they didn’t expect shopkeepers to also give up on Italy’s crazy coinage, and use phone tokens. The “face value” was the price of a phone call, and the punter had to be aware of what that was on the day.

Clive Robinson May 12, 2021 2:56 AM

@ lurker,

When was this?

Not long after the neo-con liberators wrecked the place and turned it into a killing ground, where trying to go to the bank would get you high velocity lead poisoning from one side or the other.

Clive Robinson May 12, 2021 3:20 AM

@ SpaceLifeForm, lurker, Robert, ALL,

The main point to always keep in your mind, is that all of these attacks on infrastructure, are actually attacks in windows software.

For now… Windows only admins are dirt cheap and in excess supply, thus “on the cheap infrastructure” os currently a “target rich environment”.

Some of us are old enough to remember back last century when annoying Apple Fanbois used to say “Use a Mac no malware” or similar lack of foresight.

At some point Bill Gates kind of got fed up of the reputation of being “open to all comers” so started tightening things up… Then in part because Macs were now comparatively as easy or easier to attack and Apple Fanbois and others were more ABC1 than your average Windows user, suddenly the Fanbois felt the wind of reality blow up their designer kilts.

As I pointed out back in the 1990’s you have to look at it from an attackers perspective. They are “investing” in their attacks, thus want to see a “return” so they in effect do an ROI calculation, which some mistakenly believe is a “low hanging fruit”(LHF) calculation which it is not, but can look like that when you take the “dot product” of the skills distribution and theor related ROI and “Risk v Reward”(RVR)calculations.

Importantly because we might as well say the honest truth which is,

“All commercial OS/App Systems are vulnerable and will be attacked and owned if connected to a communications network.”

The “Target Rich Environment” just makes “probability” more dominant currently, but that will change as more and more of the more savey criminals realise that “On-Line Crime” has a way better RVR and ROI than “In Person Crime” especially when you can be an “Army of One” and hit tens if not hundreds of thousands of potential targets in the length of time it takes you to get out of bed and out the door in the morning…

Clive Robinson May 12, 2021 5:55 AM

@ Etienne, Givon

A little lite reading for you,


Remember that without privacy that crypto gives us, the society you grew up and live in will be no more, and it will be worse than any Police State or Tyranical Dictatorship you have ever heard of. Just ask someone in their 50’s or older that lived in what was East Germany on the other side of the Berlin Wall, likewise people that lived in other East Eurapean Nations under the old CCCP regimes.

Clive Robinson May 12, 2021 6:41 AM

@ ALL,

It appears that this little self inflicted escapade is waking others up…

In South Korea Minister Moon of the Dept for Trade, Industry and Energy, started the ball rolling on a “deep look” into their energy infrustructure and other critical and semicritical systems,


For those that have been to South Korea you will know that it’s winters can be long and hard.

Also and quite importantly South Korean’s know that the way to keep you feeling warm in your home with lower fuel bills is not to use Central heating wall mounted “radiators” or “convection” systems, but to put it “under the floor”. It’s where I found out that just 14C (57F) is actually quite warm enough as your feet do not get cold. Though in South Korea you should never wear your shoes in the house and also you should not go bare foot or even stocking footed, they have an interrsting variation on slippers you wear. And yes with size 14feet it was a problem getting hold of a pair.

Oh fun fact most Westerners know ehat a “street pizza” is and that they are found on the pavement near bars etc… In South Korea they have a similar issue near Karaoke Bars, and they call them “Kimchi flowers”… They might be “pro-biotic” but you don’t want to accidently tread in one.

SpaceLifeForm May 12, 2021 4:51 PM

@ Clive, ALL

I’m certain I could clean up this mess in a few years with a Multi-billion dollar budget. So I could hire the experienced folk.

They have lost their internal systems knowledge. Lots of contractor jobs available, but they would be dead end, where nothing would really be accomplished.

Their IT is so mismanaged that they failed to upgrade their exchange servers in past month.

Poster-child incompetence.

So, run, run away.


Position Details

Manager, Cyber Security

Atlanta (Alpharetta, GA)

Colonial has provided a wide range of opportunities for job candidates who are highly qualified, skilled, motivated and team players.

[Team players. My team, yeah. Your worthless team, no. Give me the budget so I can fix the problem. I’m going to replace your dead-weight. Not playing games]

SpaceLifeForm May 12, 2021 5:31 PM

@ Clive, ALL

It’s magic. Colonial Pipeline is now back in operation.

All bugs patched. Nothing to see.

Just a flesh wound.

SpaceLifeForm May 12, 2021 10:50 PM

@ Clive, ALL

Well, my offer just went up a Billion dollars, and probably take 4 years. Then again, eighth graders could be bribed with a college scholarship. Enough eighth graders, and maybe we can get this done sooner.

Because it is obvious that an eighth grader can spot problems that for some reason colpipe.com just does not want to address.

Tech audit of Colonial Pipeline found ‘glaring’ problems


“We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.”

How far the company, Colonial Pipeline, went to address the vulnerabilities isn’t clear. Colonial said Wednesday that since 2017, it has hired four independent firms for cybersecurity risk assessments and increased its overall IT spending by more than 50%. While it did not specify an amount, it said it has spent tens of millions of dollars.

[ooooh, I’m so impressed. Not. Any idea how many eighth-graders I could recruit?]

“We are constantly assessing and improving our security practices — both physical and digital,” the privately held Georgia company said in response to questions from the AP about the audit’s findings. It did not name the firms who did cybersecurity work but one firm, Rausch Advisory Services, located in Atlanta near Colonial’s headquarters, acknowledged being among them. Colonial’s chief information officer sits on Rausch’s advisory board.

[My bold. Get the reports you want, no problem]

Colonial says it has strengthened data-loss-prevention defenses with three different software tools that provide alerts when data leaves the network.

[Barn, meet Horse]

Originally founded by nine oil companies in 1962, Colonial is privately held. It’s owners include a pair of private equity firms, a Canadian fund manager, a Koch Industries subsidiary and a subsidiary of Shell Midstream Partners. The company does not release earnings or revenue figures.

SpaceLifeForm May 13, 2021 12:02 AM

@ Anders, Clive

Re the WIFI flaws

Some lawyer that does not know what a crooked PDF is may want to read this.

Because when I mentioned 4-way handshake, response was not expected.

But, my reading says that all WIFI is vulnerable.


Some vulnerabilities can only be exploited while the device under test is connecting to the network, i.e., when it’s executing the 4-way handshake.

Clive Robinson May 13, 2021 12:05 AM

@ SpaceLifeForm,

It’s magic. Colonial Pipeline is now back in operation.

Probably because the story leaking out has some truth behind it…

That is, the story has it that it was not the pipeline or it’s control systems that were attacked. Just some of the “head office admin/accounting” systems… So there was actually no reason[1] to turn the pipeline off from an engoneering, plant, or process perspective.

So the implication is it was managment / accounting at some level that “flipped the off switch” in an abundance of caution or avarice depending on how you want to attribute things[1].

Thus if true from an engineering, plant or process perspective managment could flip the switch back on again any time they wanted to…

But is that realy true? Well… Only up to a point, the laws of thermodynamics and physics actually have rather a lot to say on the matter.

Consider the “bulk thermal mass”, “insulative loss” and the stratification and phase change of the “product” in the pipe line…

Most of those who have read this blog should know that solid wax appears to be a very effective insulator compared to liquid wax. Actually it’s not as such, it’s actually the energy differential for the phase change is very large. It’s why it’s used in “thermal storage batteries” which is what the “pipeline” has in effect become. That is whilst the temprature of the pipeline would hardly have changed, very large amounts of thermal energy would have been released into the environment and the product would start to become increasingly viscous as it goes through phase change.

At some point it would be too viscous to flow sufficiently, that is the pumps would not be able to move the product and thus getting energy back into the pipeline to in effect reduce the viscosity would no longer be possible, and that’s when it is nolonger a pipeline but heavily polluted scrap metal.

I would not want to be the chief engineer who had to walk into the board of directors “crisis meetings” and say,

“Gentlemen, if we do not turn the pumps back on we will soon not be able to do so, and you will not have a pipeline business any more.”

So they would be at a point where “giving the product away for free” would be the most sensible option to keeping the company in buisness.

Likewise the up stream producers would have been on their case for similar reasons. Because shutting plant down to stop it waxing up is a very delicate and expensive process as is starting it all up again especially as the “mechanical effects” due to metals contracting and expanding as they cool down and heat up again is likely to “pop a few seals” at the very least.

Likewise think about storage tanks, most product does not realy change density much as the thermal energy leaves it, unlike water it does not “float up” as it goes through a phase change from liquid to solid at best it starts to form flakes, these need to be “stired back in” but there is a limit to what can be done if too much thermal energy gets out.

So “colour me unsurprised” it’s come back on “like magic”…

It’s a classic example of “entropy in action” and what goes wrong if you make supply chains “too efficient” by making your storage margins too small.

Nature “knows” by the process of evolution in a ransomised enviroment where you have lean times and fat times that you have to alow for them both otherwise you become extinct…

That is you need “spare capacity in the system” to deal with transients in system flow. You know that “internal fat around your organs” doctors tell you about that can be so dangerous to your health but you can not see in the mirror? Well that’s part of your bodies multilayer “spare capacity” system. To prepare you for the “lean time of winter” it “stores the fat of autumn”. The problem, is it is so good at storing, and in our modern society we don’t have the lean times, so it just keeps storing every spare calorie untill it crushes the life’s breath out of you quite literally unles you burn it off in some way… It’s why “fasting is good” but “starvation is bad” because when that fat is gone, your muscles and intetnal organs are in next layers down on the list of “energy stores” your body will use…

So nature “knows” there is an optimum for a reserve in each storage system and it works out to a little over 1/3rd of total capacity[2] ~36.788% of the system over ‘a given period of time’ (it’s actually “e to the minus one”[3]). Move either way from that point and you reduce the ressilience of the system in a “random environment” that has a flat, normal or other balanced distribution of fat and lean periods over ‘a given period of time’.

So your “storage capacity” is actually based on “time” and “through put” thus reducing through put can buy you more time upto a point[4] then you need to switch to alternative modes of operation.

Which is where “union breaking” and “COVID” come into play…

The alternative is to use vehicals to move the “product” but these are expensive as drivers have to live and be healthy. Neo-con mantra says 100% utilisation of resources is what should be achieved. Any fool should know that’s not possible, but hey MBA’s and others appear to think otherwise. In engineering you have annual, decade and hundred year design considerations for “worst scale events”, hence you hear about “hundred year storms”. It’s actually a probabalistic measure based on historical records and you use it as a bench mark for how much resilience to design into a system. As this represents a significant “inefficiency” you can see why “moneymen” hate resilience or anything connected to it. Thus even though the first fall back position for product delivery might be road vehicles the pipeline operators do not want to pay for them so they have “externalised the cost” which means all the way down that line every one is doing the same thing and that means there is absolutly no resilience in the system because all the suitable road vehicles have been reduced in number to just cover a quite short term demand. Thus the fallback might look good on paper, but the reality is “it’s not there” thus it’s not a fall back position but a “dead end” even in normal times. But these are not normal times we have a “hundred year storm” of the medical kind with the COVID pandemic, and something like 25% of the “only just enough for normal demand” drivers are unevailable…

Thus a cynic might conclude that the pipeline managment shut the pipline down quite deliberatly to trigger a “Federal Emergancy Plan” which is what they had effectively externalised their costs onto…

[1] “Twenty twenty hindsight” is a wonderfull thing when you want to attribute blaim, it’s one of the reasons the legal proffession has so much money sloshing around in it.

[2] This is about what you would expect if you thought about an ongoing or continuous process for a moment. If you work out your normal system throughput over a given “period of time” you then provide storage capacity of twice that and keep it half full, so 1/3rd throughput, 1/3rd in store for lean times and 1/3rd spare capacity for fat times. The real question though is “what period of time” to use and that’s a much more interesting set of questions and equations but ~2 times the average lean/fat times usually works as a starting point for any system that can switch from one operational or storage mode to another operational or storage mode for similar basic reasoning.

[3] Why does Euler’s Number “e” pop up in most of these equations well it’s because in the real world things tend to work as “fixed rates of growth” or “in percentages”, like “compound interest”. That is growth is given as say 2% over a time period if you draw this growth out for several time periods you get “exponential growth” which is the same curve you get on your graph from drawing an appropriately scaled “e to the x”,


[4] Which is why you fairly quickly become lethargic or “hit the wall” when you run out of glycogen stores in your liver when you burn energy faster than your body can get fat out of your cells. It’s your bodies way of telling you to “give it time”.

SpaceLifeForm May 13, 2021 2:08 AM

I’m not gung ho on the MFA approach, but, it’s a start. The ‘at rest’ and ‘in transit’ stand out.

Way more to read, but these are some tidbits.


Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).

(a) The Federal Government contracts with IT and OT service providers to conduct an array of day-to-day functions on Federal Information Systems. These service providers, including cloud service providers, have unique access to and insight into cyber threat and incident information on Federal Information Systems. At the same time, current contract terms or restrictions may limit the sharing of such threat or incident information with executive departments and agencies (agencies) that are responsible for investigating or remediating cyber incidents, such as the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other elements of the Intelligence Community (IC).

(i) Within 90 days of the date of this order, the Director of OMB, in consultation with the Secretary of Homeland Security acting through the Director of CISA, and the Administrator of General Services acting through FedRAMP, shall develop a Federal cloud-security strategy and provide guidance to agencies accordingly. Such guidance shall seek to ensure that risks to the FCEB from using cloud-based services are broadly understood and effectively addressed, and that FCEB Agencies move closer to Zero Trust Architecture.

(d) Within 180 days of the date of this order, agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.

Sec. 4. Enhancing Software Supply Chain Security.

(a) The security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions. The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors. There is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended. The security and integrity of “critical software” — software that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources) — is a particular concern. Accordingly, the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.

Clive Robinson May 13, 2021 2:48 AM

@ SpaceLifeForm,

Take a second look at,

“agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent “


I see no comma…

Thus it actually says both,

1, Multi-Factor Authentication(MFA).
2, Multi-Factor Encryption(MFE).

Are to be used, that will be fun, as most vendors will get MFE more badly mucked up than they have with MFA requirments on auditors check lists (remember the “But two passwords are MFA” or even better “But a secret username and password are MFA”).

Keith May 13, 2021 10:13 AM

I simply don’t understand how this is more than a procedural inconvenience.

The billing software is down… but gasoline is still a physical product.
And, according to reports, the actual pipeline and its systems are unaffected.
This means that there is still such a thing as a physical inventory.
This means that the billing could be handled physically as well.

Someone could actually count how many trucks are filled, or how many gallons are pumped into which tanks, then send the bills out next week when the system is back up. In fact, since they claim that the pipeline and its systems are not actually compromised, I’m sure those systems do track exactly how many gallons of fuel go where. Or, if that’s too much trouble, they could really go “old school” – and simply make the same deliveries as last week and bill everyone the same amount as last week.

(And, if they’d done so, then they could have avoided interrupting shipments, avoided news stories about a supply shortage, and avoided the run on fuel…. so the narrative could have been: “We’ve been hacked, but ONLY the billing systems have been affected, and supplies are continuing as usual… so don’t worry about it.)

The main problem, as I see it, is that the systems are now so tightly coupled. In the past, if the computer at your local supermarket was down, then you would have simply been required to pay in cash that day. Nowadays, the cash registers don’t work, the shelves can’t be restocked “by hand”, and there’s a fair chance the doors and lights won’t even work… and the option to “just do it by hand until the computers are fixed” is no longer an option.

they could “just make the same deliveries as last week and send everyone the same estimated bill”.)

Moses May 13, 2021 10:23 AM

You really think the pipelines were hacked, effecting mostly red states, that aren’t big on COVID lockdowns? You don’t find it weird that the gov of Michigan is closing the Enbridge pipeline? Or the firecrackers going off in Israel from Hamas, friends of Mossad? Which will ultimately drive up war tensions and oil prices further?

I love the “y’all” “folks” and “Jesus”. Cool angle.

Anders May 13, 2021 4:00 PM

They presumably paid 5 million.


SpaceLifeForm May 13, 2021 4:59 PM

@ Frank Wilhoit, Anders, Clive, ALL

“If they say they did not pay, that is pretty hard proof that they paid.”

As expected.

Also, as expected, Bloomberg was fed misinformation.

It was 75 Bitcoin, on Monday, not Friday.

It took colpipe a while to realize that their cash flow was hemorrhaging over $5 million per day anyway.

So, it was a no-brainer decision.

But, it will not surprise me that it was not actually colpipe that really paid the ransom.

And, why is the decryption process so slow that colpipe is going to backups anyway?

Lazy ransomware attackers did not do proper testing.

anders May 13, 2021 5:17 PM

@SpaceLifeForm @Clive @ALL



IF this is Russian government hack (and i think it is),
then Russians found a nice way how to circumvent sanctions.

SpaceLifeForm May 13, 2021 6:16 PM

@ Anders, Clive, ALL

Re: circumvent sanctions

So they believe.

As I said, it may not be colpipe that actually paid the ransom.

Must follow the money laundering across the Bitcoin ledger.

Anders May 13, 2021 6:31 PM

@SpaceLifeForm @Clive @ALL


There’s one interesting bit – F-Secure C3

So good guys (F-Secure) create adversary C2 simulation tool
and then bad guys take this and use for bad things?
How funny can it be? I think they should send a cake to F-Secure
to say thanks!


SpaceLifeForm May 13, 2021 11:21 PM

@ Clive, ALL

Another supply chain problem. Just a flesh wound.

I think I could ‘fix’ it with photoshop.


This ‘crack’ has obviously been there many, many years, and the inspectors were clearly negligent. There is no way it just happened since last September.

The bad side-effect is the supply chain blockage on the Mississippi River underneath.

The I-40 bridge is considered at risk of imminent failure. It is nearly 50 years old, which is considered max lifetime for a bridge even with excellent maintenance.

Note to media: Please stop referring to it as a ‘crack’.

SpaceLifeForm May 13, 2021 11:46 PM

@ Clive, ALL

Clarification: 50 years for a truss-style bridge.

Which a lot of bridges in the US are of that design.

Clive Robinson May 14, 2021 1:10 AM

@ SpaceLifeForm,

Which a lot of bridges in the US are of that design.

Funny, we’ve shipped you one of our old second hand bridges over a little over fifty years ago as an example of longer lived designs from back nearly two hundred years ago. I hear it is still reliably doing it’s function as a bridge, despite what the song might lead you to believe.

Oh I think it is still the largest “antique” ever shipped to the US 😉


And yes I did walk across it many many years ago when it was “sinking” not “falling” down following some sheep that were being driven across one of those quirky traditions to “maintain a right” of “freemen” it’s still done annually (this year 26th Sept). Back in time Freemen of the City were additionallt given three other privileges:

1, They could carry a sword in public.
2, If they were to be hung, they were allowed a silken noose.
3, If found “rascally drunk or incapable” on the streets, they would be sent home in a cab, rather than chucked into a crowded cell with common drunks for the night.

Due to other peculiarities of such things some Freemen of the City of London have the title bestowed on them via the Guilds of the City of London, for various reasons, oh and other “oiks” by inheritance of trade etc 😉


Scarily Bill Gates is a Freeman of the City of London…

SpaceLifeForm May 14, 2021 2:07 AM

@ Anders, Clive, ALL

I’m smelling the same Orion and AWS dots.

The ransomware operators tell the victim to use better AV, 2FA, and backup to tape.


Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Clive Robinson May 14, 2021 2:34 AM

@ SpaceLifeForm, ALL,

From the article a Brenntag Spokesperson said,

“As soon as we learned of this incident, we disconnected affected systems from the network to contain the threat.”

Talk about “shutting the stable door after…”.

As I’ve mentioned before almost my first question when called upon for advice is,

“What is the business case for this computer to be connected to a public neywork?”

I’ve yet to hear a truly valid reason that is not compleatly compromised in some way. But mostly the replies are based on “arm waving and MBA mantras”.

Let me put it this way, if I asked a Bank,

“What is the business case,for having this vault stuffed with valuables having a propped open back door to the street 24×7?”

What sort of answer do you think I’d get?

The reality is very very few uset computers need a conbection to the Internet, and next to no repository servers should be connected.

Companies should think about switching from a “permiso” to “non permiso” policy just as they mostly do with physical security…

Z.Lozinski May 14, 2021 4:27 AM

Looks like the ransomware thing is spreading. RTE (the Irish State Broadcaster) is reporting that one of Dublin hospitals (the Rotunda, a maternity hospital) is closed today due to a ransomware attack. The National Maternity Hospital is also being disrupted. Mothers due to give birth are still ok to attend.

“HSE Chief Executive Paul Reid said it is working to contain a very sophisticated human-operated ransomware attack on its IT systems.

Speaking on RTÉ’s Morning Ireland, he said that the cyber attack is impacting all national and local systems involved in all core services.” [via RTE news].

From a security point of view health IT systems are a soft target. Attacking healthcare IT, and putting lives at risk, makes those responsibe a target for everyone. Look at the response to WannaCry, when Microsoft patched out-of-support products and the US cybersecurity agencies got involved.

Leads one to ask what the motive is?

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.