The Federal Bureau of Investigation had blamed the weekend shutdown of the pipeline on a group called DarkSide. The shutdown had affected gas supply in parts of the East Coast with reports of people waiting for hours at filling stations.
President Biden said on Monday: “I’m going to be meeting with President Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there’s evidence that the actors’ ransomware is in Russia.” He added that: “They have some responsibility to deal with this.”
The Colonial Pipeline was hit with a ransomware attack that the FBI says began on Thursday. The hackers stole some 100 gigabytes of data in a double-extortion scheme.
The FBI identified DarkSide as responsible for the ransomware attack. In a statement, the agency had said: “The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”
Colonial Pipeline on Monday said that it was partially opening 5,500 miles [out of the 8,850 miles] of its pipeline, which is the largest fuel network between Texas and New York. Colonial Pipeline had to stop operations for three days due to the ransomware attack. In a statement to the media, it said that “segments of our pipeline are being brought back online.” Colonial added that it is aiming for “substantially restoring operational service by the end of the week.”
Elizabeth Sherwood-Randall, the Deputy National Security Advisor, told the media that Mr Biden was being kept updated on the incident. She said: “Colonial has told us that it has not suffered damage and can be brought back online relatively quickly with no fuel disruptions so far.”
Colonial Pipeline, after the attack, said in the statement that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
Meanwhile, on their website on the dark net, DarkSide has rejected any allegations of having an official backing.
DarkSide began attacking medium and large-sized companies last year asking for anything from a few hundred thousand dollars to a few million dollars — to be paid in Bitcoin, the cryptocurrency.
Cybereason, a security company based in Boston, wrote on its website that DarkSide focuses “on targets in English-speaking countries” and avoids operations in former Soviet bloc countries. It sells its ransomware, a model known as ransomware as a service, and maintains a help desk for negotiations with victims.
It added: “This gang appears to have a code of conduct that prohibits attacks against hospitals, hospices, schools, universities, non-profit organisations and government agencies. No doubt that code of conduct is an effort to establish a level of trust and confidence in victims to enhance the likelihood that they’ll pay.”
Meanwhile, on its website on the dark net, DarkSide said: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other motives.” It added: “Our goal is to make money, and not creating problems for society.”
But Dmitri Alperovitch, a cybersecurity expert who co-founded the firm CrowdStrike, believes the group has Russian backing.
He tweeted: “A ransomware group we believe is operating (and likely harboured) by Russia has shut down a company that is moving 45 per cent of petroleum supplying the East Coast. Is it a criminal act? Sure.” He said it also “undoubtedly” has “huge” national security implications, especially in US-Russia relations.