Ransomware mires Baltimore, may last for weeks



Winehole23
05-21-2019, 09:53 AM
It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack (https://arstechnica.com/information-technology/2019/05/baltimore-city-government-hit-by-robbinhood-ransomware/), and there's still no end in sight to the attack's impact. It may be weeks more before the city's services return to something resembling normal—manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.

The ransomware attack came in the midst of a major transition at City Hall. Mayor Bernard C. “Jack” Young assumed office officially just days before the attack, after the resignation of former mayor Catherine Pugh, who is facing an ever-expanding corruption investigation. And some of the mayor's critical staff positions remained unfilled—the mayor's deputy chief of staff for operations, Sheryl Goldstein, starts work today.


To top it off, unlike the City of Atlanta—which suffered from a Samsam ransomware attack in March of 2018 (https://arstechnica.com/information-technology/2018/03/atlanta-city-government-systems-down-due-to-ransomware-attack/)—Baltimore has no insurance to cover the cost of a cyber attack. So the cost of cleaning up the RobbinHood ransomware, which will far exceed the approximately $70,000 the ransomware operators demanded, will be borne entirely by Baltimore's citizens.
https://arstechnica.com/information-technology/2019/05/baltimore-ransomware-nightmare-could-last-weeks-more-with-big-consequences/

SpursforSix
05-21-2019, 12:57 PM
I'd take a hard look at Marlo Stanfield.

Will Hunting
05-21-2019, 04:23 PM
I'd take a hard look at Marlo Stanfield.
I think it’s The Greek trying to get his shipments in through the Port Authority.

spurraider21
05-21-2019, 04:28 PM
I think it’s The Greek trying to get his shipments in through the Port Authority.
Bubbles stepping his game up imo

Spurminator
05-21-2019, 04:34 PM
https://compote.slate.com/images/48939c94-94c4-430c-9bd8-d5b46a944694.jpg
https://thehacktoday.com/wp-content/uploads/2016/10/How-to-Hack-a-Computer-System.png

Winehole23
05-08-2021, 12:19 PM

Winehole23
05-10-2021, 04:06 PM
The U.S. Transportation Department issued an emergency order (https://www.transportation.gov/briefing-room/us-department-transportations-federal-motor-carrier-administration-issues-temporary) in response to the Colonial Pipeline ransomware incident on Sunday; the move allows backed-up inventories of oil and fuel that are sitting in tanks and refineries in Texas and other parts of the country to be transported to New York more quickly via trucks while the pipeline is offline by easing restrictions on drivers.


The emergency move, initially reported by the BBC (https://www.bbc.com/news/business-57050690), eases restrictions on the hours that truck drivers can work. The BBC had initially reported that the government issued a waiver to the Jones Act, which requires that goods shipped between U.S. ports be carried on U.S.-built and -owned ships — that is, vessels that are built, owned and operated by U.S. citizens or permanent residents. ...

Separately, Bloomberg provided new information (https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown?sref=ylv224K8) about the ransomware incident: the attackers stole nearly 100GB of data from Colonial Pipeline before locking some of its computers and servers and demanding a ransom. The attackers have threatened to publish the data online if Colonial doesn’t pay the ransom.

Colonial published an update to its web site (https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption) on Sunday saying that it has put small parts of the pipeline back in service, but the mainlines are still offline.
https://zetter.substack.com/p/biden-declares-state-of-emergency

Winehole23
05-10-2021, 04:07 PM
A source who works for a large midstream oil company that feeds fuel into Colonial’s pipeline told Zero Day that the control systems for his company’s tank farms connect directly to control systems at Colonial Pipeline and that as soon as they learned about the ransomware incident on Saturday, they disconnected those systems to prevent the ransomware from traveling to their systems from Colonial’s networks.


He told Zero Day that his company has had to scramble to figure out what to do with the oil and fuel they have sitting in tanks and that they have received no word from Colonial about when the pipeline will be back online.


“We had a big batch scheduled today [to go to Colonial],” he told Zero Day. Instead they have to figure out other storage options for the fuel or reduce capacity in the refineries feeding the tanks. They also have to keep the material in the tanks moving with mixers or it will “stratify and affect product quality,” he said.


His company was told that Colonial’s main pipelines would “not be fixed in 1-2 days, but won’t take six weeks.” He’s not sure why Colonial would provide such a wide-ranging time period but said it’s “very concerning for our interests.”
“We gotta find storage for refineries [and we] might run out [of storage] it takes too long. Then refineries [will have to] cut back. Problem escalates,” he said.

MultiTroll
05-10-2021, 04:07 PM
aka complete bullshit by the oil and gas pigs to inflate prices?

Winehole23
05-10-2021, 04:11 PM
The source who works for the midstream oil company told Zero Day that one reason Colonial might still be keeping the pipelines offline — in addition to needing to add security measures to it — is because “something they need for [restarting] the pipeline is ransomed.”


He thinks this could be the automated ticketing system for billing customers, which is on the corporate IT network that was hit with the ransomware. If that system is locked, Colonial can’t invoice customers automatically, he said.

SpursforSix
05-10-2021, 04:26 PM
aka complete bullshit by the oil and gas pigs to inflate prices?

Doubtful. Seems like this would negatively impact oil demand.

Winehole23
05-10-2021, 06:32 PM

Winehole23
05-11-2021, 11:57 AM
DC police now


A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down and it will release sensitive information that could put lives at risk if more money is not offered.
https://apnews.com/article/police-technology-government-and-politics-53e54780aa080decbb78d5b88d4ff44b

Winehole23
05-11-2021, 12:03 PM
serious doxxing


spurraider21
05-12-2021, 06:58 PM
leading to gas shortages in the southeast, too. but unfortunately, much like the toilet paper fiasco of 2020, most of the problems are being caused by people panic-buying and hoarding. a lot of reports of people filling extra canisters with gas in recent days, etc

North Carolina has it particularly bad, but VA is no picnic, and most of the gas stations in our area are having shortages too. we have ~1/2 tank full in both our cars, and I work from home, so I'm going to hold off as long as I can before scouring gasbuddy to find a place to fill up

Winehole23
05-13-2021, 10:14 AM
crime pays


Winehole23
05-14-2021, 09:19 AM
DC Police files hacked


Winehole23
05-16-2021, 02:39 PM
Washington D.C. gas shortage reaches critical level (https://www.dw.com/en/washington-dc-gas-shortage-reaches-critical-level/a-57539855)

Just 12% of gas stations in the US capital still have fuel for sale, after cybercriminals forced a shutdown of the nation's largest gasoline pipeline. (https://www.dw.com/en/washington-dc-gas-shortage-reaches-critical-level/a-57539855)



Gasoline deliveries were being made in all of its markets but it would take "several days" to return to normal, Colonial stated.

Energy Secretary Jennifer Granholm pleaded with drivers not to hoard fuel.

"Really, the gasoline is coming," she said. "If you take more than what you need, it becomes a self-fulfilling prophecy in terms of the shortages," she said.

Winehole23
05-17-2021, 01:36 AM

Winehole23
05-17-2021, 01:48 AM

Winehole23
06-01-2021, 07:15 PM
If meat packing wasn’t an oligopoly (JBS is ~20% of global processing) this wouldn’t be such a big deal.


Winehole23
07-03-2021, 07:17 AM
The software in question, Kaseya VSA, is popular among so-called managed service providers, which provide IT infrastructure for companies that would rather outsource that sort of thing than run it themselves. Which means that if you successfully hack an MSP, you suddenly have access to its customers. It’s the difference between cracking safe-deposit boxes one at a time and stealing the bank manager’s skeleton key.
So far, according to security company Huntress, REvil has hacked eight MSPs. The three that Huntress works with directly account for 200 businesses that found their data encrypted Friday. I



“This is SolarWinds, but with ransomware,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “When a single MSP is compromised, it can impact hundreds of end users. And in this case it seems that multiple MSPs have been compromised, so …”



BreachQuest's Williams says that REvil appears to be asking victim companies for the equivalent of roughly $45,000 in the cryptocurrency Monero (https://www.wired.com/story/monero-privacy/). If they fail to pay within a week, the demand doubles. Security news site BleepingComputer reports (https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/) that REvil has asked some victims for $5 million for a decryption key that unlocks “all PCs of your encrypted network,” which may be targeted to MSPs specifically rather than their clients.
https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/

Winehole23
09-23-2021, 12:01 PM
grain coops hit


Ransomware attacks on grain coops may just be the start of ag sector security woes
(https://therecord.media/ransomware-attacks-on-grain-coops-may-just-be-the-start-of-ag-sector-security-woes/)