https://www.copyright link/companies/financial-services/industry-fund-owned-colonial-pipeline-paid-6-5m-ransom-20210514-p57rv3w w w . a f r . c o m /
Industry fund-owned Colonial Pipeline paid $6.5m ransom
May 14, 2021 – 9.16amIndustry superannuation fund-owned Colonial Pipeline paid $6.5 million to ransomware group DarkSide hours after the major US oil pipeline was crippled by a cyber attack.
According to a Bloomberg report, Colonial paid the ransom, worth $US5 million, to the hacking group last Friday, despite the pipeline owner reportedly saying it had no intention of paying to restore the largest fuel pipeline in the country.
Colonial shut down all four of its major pipelines that service the eastern and south-eastern US as a precaution after it discovered it had been hacked a week ago.
IFM Investors, which is owned by 27 Australian union- and employer-backed industry superannuation funds, owns a 16 per cent stake in Colonial Pipeline, which the infrastructure manager bought in 2007 for $US651 million.
The asset is held in IFM’s $US25 billion Global Infrastructure Fund and IFM is represented on the board of Colonial Pipeline by Jim Wierstra, who is responsible for IFM’s investment operations in North America.
Colonial reportedly paid the ransom to DarkSide in cryptocurrency just hours after the cyber attack, and Bloomberg reported that US officials were told of the payment.
Although Colonial began to restart fuel shipments on Thursday (AEST), the pipeline operator reportedly did not use the decryption tool provided by DarkSide to fix the issue and instead continued to use a third-party cyber security company to resolve the problem as it was seen to be faster than the hacker-supplied fix.
Chairman of the House of Representatives economics committee, Liberal MP Tim Wilson, said his parliamentary inquiry into the superannuation sector would probe the payments.
“The threats of cyber attacks and ransoms are an ever-growing threat, and when Australians’ superannuation savings are overly exposed into unlisted assets it increases the risk they’ll land in the accounts of crooks over citizens,” Mr Wilson said.
“It’s important industry super’s mega fund, IFM Investors, is transparent in the action they’re taking to ensure Australians’ super isn’t funding criminal gangs and the like,” he said.
“We will shortly be putting to IFM Investors questions about these risks and what measures they’ve taken and will be taking into the future to ensure Australian’s superannuation is being invested for retirement citizen’s savings, not underwriting criminal syndicates.”
The vice-president of intelligence at cyber security company CrowdStrike, Adam Meyers, told The Australian Financial Review the DarkSide ransomware has been present for about a year in cyber crime circles.
“We associated DarkSide as a criminal entity we track as CarbonSpider. CarbonSpider has been around since probably 2013 and they were kind of targeting Russian financial organisations, which is generally bad for your health, especially if you live in that region,” he said.
“In 2016, the financial group that was targeting Russia split off and we track that as a different group now. The group that remained was engaged in a lot of targeting of point of sales data, stuff like that, and since last summer (Australian winter)been getting in on ransomware, which is big business for these various threat actors.”
cont' ...
All DYOR