Vancouver Sun


'ALL HANDS ON DECK' Severe fuel supply disruptions


U.S. government officials were working closely with top U.S. fuel pipeline operator Colonial Pipeline on Sunday to help it recover from a ransomware cyberattack that forced the company to shut a critical fuel network supplying populous eastern states.

The attack is one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten protections for critical U.S. energy infrastructure against hackers.

Commerce Secretary Gina Raimondo said Washington was working to avoid more severe fuel supply disruptions and to help Colonial restart as quickly as possible its 8,850-kilometre pipeline network from Texas to New Jersey.

“It's an all hands on deck effort right now,” Raimondo said on CBS's Face the Nation program. “We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply.”

Colonial said on Saturday it was “continuing to monitor the impact of this temporary service halt” and to work to restore service. Neither Raimondo nor the company gave an estimate for a restart date and Colonial declined further comment on Sunday.

Colonial transports roughly 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.

Its extensive pipeline network serves major U.S. airports, including Atlanta's Hartsfield Jackson Airport, the world's busiest by passenger traffic.

Retail fuel experts including the American Automobile Association said an outage lasting several days could have significant impacts on regional fuel supplies, particularly in the southeastern United States.

While the U.S. government investigation is in the early stages, a former U.S. official and two industry sources said the hackers are likely a professional cybercriminal group and that a group called DarkSide was among potential suspects.

DarkSide is known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states. Ransomware is a type of malware designed to lock down systems by encrypting data and demanding payment to regain access.

Cybersecurity firm FireEye has also been brought in to respond to the attack, according to the two industry sources. FireEye declined to comment.

Colonial has said it was working with a “leading, third-party cybersecurity firm,” but did not name the firm.

Bloomberg reported that the DarkSide hackers took nearly 100 gigabytes of data from Colonial's network. The cybercriminal group, which made no mention of the Colonial attack on its dark-net website, emerged last August, carrying out a series of ransomware attacks on an array of organizations.

The group employs a twin-track strategy. It encrypts the data, making it unavailable to the victim. It also threatens to publish sensitive material on the dark web unless a ransom is paid.

Ransom demands are carefully calculated, based on an analysis of the company's accounts. The fact that DarkSide appears to target only English-speaking countries, avoiding states in the former Soviet bloc, has prompted suspicions that its activities are carried out with at least the blessing of — or even at the behest of — the Russian security services.

Colonial declined to comment on whether DarkSide hackers were involved in the attack, when the breach occurred or what ransom they demanded.

Experts say ransomware attacks have proliferated in recent months, targeting hospitals, municipalities and police departments. In February, hackers drastically increased the level of sodium hydroxide in the water supply after penetrating cybersecurity at a Florida treatment plant. The hundredfold increase in the proportion of the chemical, the main ingredient in drain cleaners, made the water undrinkable.

In the past few days, cyber attacks were also reported on the police department in Washington, D.C., in which hackers threatened to release details about informants, and the Illinois Attorney General's office.

As many as 2,400 organizations worldwide were hit by ransomware demands last year.

President Joe Biden was briefed on the cyberattack on Saturday morning, the White House said.
