Rob Shapland, Head of Innovation, joined the BBC World Service’s Newsday programme talking about the latest cyber attacks on oil infrastructure organisations in Europe on 7th February 2022.
Here’s what Rob had to say on who might be behind the attacks and the ransomware methods used by the hacking groups:
Business news with Andrew Wood reporting from Hong Kong. Says here cyber Attacks are sweeping across Europe?
Andrew Wood (AW): Certainly there have been attacks in oil distribution facilities in Germany and there have been more instances reported in Belgium and the Netherlands. Let’s talk now to Rob Shapland and he’s head of cyber innovation at Falanx Cyber, good morning to you Rob. Do we know who is who is behind this? We might not even be talking about one person. Who are behind these attacks in Europe?
Rob Shapland (RS): Morning Andrew, well we have some idea of who might be. So there’s a group known as Black Cats, they always have these funny monikers, and they are a Russian speaking hacking group. Now, I’m not going say they’re Russian but they’re Russian speaking. They appear to be the perpetrators of this hack at the moment targeting these oil facilities.
AW: Talking about these oil facilities, presumably at the moment if you want to make mischief this is a good time to do it because people might think that it’s the Russians doing it. You know the actual Russian government perhaps over Ukraine.
RS: Exactly. Exceedingly good time to do it obviously with the Russia-Ukraine tensions and then a Russian speaking group doing it and disrupting what we call critical national infrastructure so oil, transportation facilities, etc. It’s a very, very good time to do it.
And ransomware is completely designed to be disruptive, not only do you make money from it, also cripples companies – stops them working and that can happen for weeks even months for the companies to recover.
AW: And are they recovering quickly though? You say it could take months with them to recover. Are these oil distribution facilities bouncing back?
RS: So they appear to be parts of the facilities are affected – not all of them. The effects so far has not been incredibly disruptive. The problem we’re seeing is that it’s targeting multiple places and that can indicate a co-ordinated attack or it can indicate that perhaps a piece of software that these coming use have been compromised and therefore that’s affecting all of those companies simultaneously so if that expands and if that tactic continues that could be very disruptive to many, many companies.
AW: Now last year in the United states the colonial pipeline, a very important pipeline in the eastern United States, was closed down by hackers. Is this the same sort of thing? Or was it a different style of attack?
RS: No this is very similar to what happened with the colonial pipeline, in fact some of the people perpetrated this insert may be linked to the groups that the colonial oil pipeline attack as well. It’s the same sort of style of ransomware, slightly more advanced version, and it also has a kind of new tactic built into it. Ransomware affectively just encrypts the entire network, all the data it confined and then demand a ransom payment for it. This one combines two extra techniques – the first one is to steal data from the company and threaten to release it if you don’t pay the ransom fee. The third technique is something called denial of service where you effectively knock all the internet-facing systems of that company offline and keep them offline.
You’ve got this three pronged attack where you’re demanding money to stop all this happening. This is kind of an evolution of ransomware where it changes all the time as authorities and companies get better at defending, the attackers get better at what they are doing as well. They’re using this three pronged attack to force payment causing much disruption as possible.
AW: Ok, Rob Shapland at Falanx Cyber thanks very much for joining us on Newsday.