WASHINGTON – A Russian criminal group could be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said on Sunday.
The group, known as DarkSide, is relatively new but has a sophisticated approach to the extortion business, the sources say.
Commerce Secretary Gina Raimondo said on Sunday that the White House was working to help Colonial Pipeline, the Georgian company that operates the pipeline, restart its 5,500-mile network.
The system runs from Texas to New Jersey and carries 45% of the East Coast fuel supply. In a statement on Sunday, the company said some smaller sidelines were operational, but the main lines remained down.
“We are in the process of restoring service to other laterals and will only bring our complete system back online when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.
Speaking on CBS’s “Face the Nation,” Raimondo called for the effort to reboot the network “an effort of all hands on the bridge at the moment. “
“We are working closely with the company, national and local authorities, to ensure that they return to normal operations as quickly as possible and that there are no disruptions in supply.”
She added: “Unfortunately, these types of attacks are more and more common. They are here to stay.
A White House official said on Sunday that the Energy Department was leading the government’s response to the attack. The agencies are predicting a number of scenarios in which the region’s fuel supply takes a hit, the official said.
Colonial Pipeline on Saturday blamed the cyber attack on ransomware and said some of its computer systems were affected. He added that he had “proactively” taken “certain systems to contain the threat” offline.
The company did not say what was requested or who requested it.
Although Russian hackers are often independent for the Kremlin, early indications suggest it was a criminal ploy – not a nation-state attack, the sources said.
But the fact that Colonial had to shut down the country’s largest gas pipeline shows how vulnerable America’s cyber infrastructure is to criminals and domestic adversaries, such as Russia, China and Iran, experts say.
“It could be the most impactful ransomware attack in history, from a cyber disaster turning into a real disaster,” said Andrew Rubin, CEO and co-founder of Illumio, a cybersecurity company.
“It’s an absolute nightmare, and it’s a recurring nightmare,” he said. “Businesses continue to rely and fully invest in detection as if they can prevent all breaches from happening. But this approach misses attacks over and over again. Before the next inevitable breach, the President and Congress must act on our shattered security model. “
If the culprit turns out to be a Russian criminal group, it will underline that Russia is giving free rein to criminal hackers who target the West, said Dmitry Alperovich, co-founder of cyber-company CrowdStrike and now executive chairman of a group. think tank, the Silverado Policy Accelerator.
“Whether they work for the state or not is increasingly irrelevant, given Russia’s obvious policy of harboring and tolerating cybercrime,” he said.
According to a leading Reuters cybersecurity reporter, DarkSide has its own dark web website which claims the group has made millions through cyber extortion and features an array of data leaked by victims who have not paid. ransom.
Tim stelloh and The Associated Press contributed.