FBI names pipeline cyberattackers as company promises to restore most service this week
Hit by a cyberattack, the operator of a major U.S. fuel pipeline said Monday it hopes to have service mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.
Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems. On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted, and the company said it was working toward “substantially restoring operational service” by the weekend.
Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victims’ networks, and demand large payments to decrypt it.
The Colonial attack was a potent reminder of the implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.
“We need to invest to safeguard our critical infrastructure,” President Joe Biden said Monday.
The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries.
Despite that, the challenge facing the government and the private sector remains immense.
In this case, the FBI said the criminal syndicate whose ransomware was used in the attack is named DarkSide. The group’s members are Russian speakers, and the syndicate’s malware is coded not to attack networks using Russian-language keyboards.
Anne Neuberger, the White House deputy national-security adviser for cyber and emerging technology, said at a briefing that the group emerged just months ago. She said its business model is to demand ransom payments from victims and then split the proceeds, relying on what she said was a “new and very troubling variant.”
She declined to say if Colonial Pipeline had paid any ransom, and the company has not given any indication of that one way or the other.
Neuberger said the administration is committed to leveraging the government’s massive buying power to ensure that software makers make their products less vulnerable to hackers.
“Security can’t be an afterthought,” Neuberger said at a conference on Monday. “We don’t buy a car and only then decide if we want to pay for seatbelts and airbags.”