U.S. ASSISTS HACKED PIPELINE
'ALL HANDS ON DECK' Severe fuel supply disruptions
U.S. government officials were working closely with top U.S. fuel pipeline operator Colonial Pipeline on Sunday to help it recover from a ransomware cyberattack that forced the company to shut a critical fuel network supplying populous eastern states.
The attack is one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten protections for critical U.S. energy infrastructure against hackers.
Commerce Secretary Gina Raimondo said Washington was working to avoid more severe fuel supply disruptions and to help Colonial restart as quickly as possible its 8,850-kilometre pipeline network from Texas to New Jersey.
“It's an all hands on deck effort right now,” Raimondo said on CBS's Face the Nation program. “We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply.”
Colonial said on Saturday it was “continuing to monitor the impact of this temporary service halt” and to work to restore service. Neither Raimondo nor the company gave an estimate for a restart date and Colonial declined further comment on Sunday.
Colonial transports roughly 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.
Its extensive pipeline network serves major U.S. airports, including Atlanta's Hartsfield-Jackson Airport, the world's busiest by passenger traffic.
Retail fuel experts including the American Automobile Association said an outage lasting several days could have significant impacts on regional fuel supplies, particularly in the southeastern United States.
While the U.S. government investigation is in the early stages, a former U.S. official and two industry sources said the hackers are likely a professional cybercriminal group and that a group called DarkSide was among potential suspects.
DarkSide is known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states. Ransomware is a type of malware designed to lock down systems by encrypting data and demanding payment to regain access.
Cybersecurity firm FireEye has also been brought in to respond to the attack, according to the two industry sources. FireEye declined to comment.
Colonial has said it was working with a “leading, third-party cybersecurity firm,” but did not name the firm.
Bloomberg reported that the DarkSide hackers took nearly 100 gigabytes of data from Colonial's network. The cybercriminal group, which made no mention of the Colonial attack on its dark-net website, emerged last August, carrying out a series of ransomware attacks on an array of organizations.
The group employs a twin-track strategy. It encrypts the data, making it unavailable to the victim. It also threatens to publish sensitive material on the dark web unless a ransom is paid.
Ransom demands are carefully calculated, based on an analysis of the company's accounts. The fact that DarkSide appears to target only English-speaking countries, avoiding states in the former Soviet bloc, has prompted suspicions that its activities are carried out with at least the blessing of — or even at the behest of — the Russian security services.
Colonial declined to comment on whether DarkSide hackers were involved in the attack, when the breach occurred or what ransom they demanded.
Experts say ransomware attacks have proliferated in recent months, targeting hospitals, municipalities and police departments. In February, hackers drastically increased the level of sodium hydroxide in the water supply after penetrating cybersecurity at a Florida treatment plant. The hundredfold increase in the proportion of the chemical, the main ingredient in drain cleaners, made the water undrinkable.
In the past few days, cyber attacks were also reported on the police department in Washington, D.C., in which hackers threatened to release details about informants, and the Illinois Attorney General's office.
As many as 2,400 organizations worldwide were hit by ransomware demands last year.
President Joe Biden was briefed on the cyberattack on Saturday morning, the White House said.