US says ‘Russia-based’ group DarkSide behind pipeline hack

US says ‘Russia-based’ group DarkSide behind pipeline hack
After a cyber attack, Colonial said it was moving toward a partial reopening of its pipeline system -- the largest fuel network between Texas and New York

After a cyber attack, Colonial said it was moving toward a partial reopening of its pipeline system

WASHINGTON, May 11 (NNN-AGENCIES) — President Joe Biden said that a Russia-based group was behind the ransomware attack that forced the shutdown of the largest oil pipeline in the eastern United States.

The FBI identified the group behind the hack of Colonial Pipeline as DarkSide, a shadowy operation that surfaced last year and attempts to lock up corporate computer systems and force companies to pay to unfreeze them.

“So far there is no evidence … from our intelligence people that Russia is involved, although there is evidence that actors, ransomware is in Russia,” Biden told reporters.

“They have some responsibility to deal with this,” he said.

Three days after being forced to halt operations, Colonial said it was moving toward a partial reopening of its 8,850 kilometres of pipeline – the largest fuel network between Texas and New York.

At the White House, Deputy National Security Advisor Elizabeth Sherwood-Randall said Biden was being kept updated on the incident, which threatened to crimp supplies of gasoline, diesel fuel and jet fuel across much of the eastern United States.

Colonial said in a statement that “segments of our pipeline are being brought back online.”

“Colonial has told us that it has not suffered damage and can be brought back online relatively quickly,” Sherwood-Randall said, with no fuel disruptions so far.

The ransomware forced the company to shut down pipeline controls system for safety reasons.

DarkSide began attacking medium and large-sized companies mostly in Western Europe, Canada and the United States last year, reportedly asking for anywhere from a few hundred thousand dollars to a few million dollars, to be paid in Bitcoin.

In return, DarkSide supplies the company with a program that will unlock its computing systems.

They also download and retain large amounts of data from the company, threatening to release it publicly if the company does not pay up.

In a statement on their website on the dark net, they rejected allegations that they had any official backing.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” it said.

“Our goal is to make money, and not creating problems for society.”

Anne Neuberger, deputy national security adviser for cyber, said most ransomware comes from transnational criminal groups.

Asked if Colonial Pipeline or other companies should pay the ransom, she said the Biden administration has not offered advice on that.

“They have to balance the cost-benefit when they have no choice with regard to paying a ransom,” she said. “Typically that is a private sector decision.” — NNN-AGENCIES

administrator

Related Articles