Russian criminal group suspected in Colonial pipeline ransomware attack

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


WASHINGTON — A Russian criminal group may be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said Sunday.

The group, known as DarkSide, is relatively new, but it has a sophisticated approach to the business of extortion, the sources said.

Commerce Secretary Gina Raimondo said Sunday that the White House was working to help Colonial Pipeline, the Georgia-based company that operates the pipeline, to restart its 5,500-mile network.

The system, which runs from Texas to New Jersey, transports 45 percent of the East Coast’s fuel supply. In a statement Sunday, the company said that some smaller lateral lines were operational but that the main lines remained down.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.

Raimondo said on CBS’ “Face the Nation” that the effort to restart the network was “an all-hands-on-deck effort right now.”

“We are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply,” she said, adding: “Unfortunately, these sorts of attacks are becoming more frequent. They’re here to stay.”

A White House official said Sunday that the Energy Department is leading the government’s response. Agencies are planning for a number of scenarios in which the region’s fuel supply takes a hit, the official said.

On Saturday, Colonial Pipeline blamed the cyberattack on ransomware and said some of its information technology systems were affected. It said it “proactively” took “certain systems offline to contain the threat.”

The company has not said what was demanded or who made the demand.

Although Russian hackers often freelance for the Kremlin, early indications suggest that this was a criminal scheme — not an attack by a nation-state — the sources said.

But the fact that Colonial had to shut down the country’s largest gasoline pipeline underscores just how vulnerable the U.S. cyber infrastructure is to criminals and…

Source…