Biden to discuss Russian ransomware hackers with Putin and suggests Moscow bears ‘some responsibility’

‘There is evidence the actor’s ransomware is in Russia,’ US president says

Danielle Zoellner
New York
@dani__zoellner
Tuesday 11 May 2021 08:42
comments

Related video: Biden says he will speak to Putin on Russian ransomware attack

President Joe Biden has announced he will be speaking to Russian President Vladimir Putin about the Colonial Pipeline cyberattack, given the hackers responsible were a Russia-based ransomware group.

“I’m going to be meeting with President Putin,” Mr Biden said. “So far there’s no evidence from our intelligence people that Russia is involved. Although, there is evidence the actor’s ransomware is in Russia.”

A date and location have yet to be announced for the meeting between Mr Biden and the Russian president. But previously Mr Biden said it was his “hope and expectation” to meet with Mr Putin in June during his trip to the United Kingdom and Belgium for Nato and the G7.

Although there was “no evidence” that the Russian government was involved in the cyberattack on Colonial Pipeline’s operator system, there was an expectation from the Biden administration for Russia to respond.

“They (Moscow) have some responsibility to deal with this,” Mr Biden said. 

DarkSide has been named as being responsible for the attack.

“The FBI confirms that the DarkSide ransomware is responsible for the compromise to the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation,” the FBI said in a statement released on Monday.

DarkSide, a Russia-based ransomware group, was among several criminal gangs responsible for costing Western nations tens of billions of dollars in the last three years.

The group claims to only target large corporations that are not related to medical, educational, or government entities. A portion of the money earned by the group during these ransomware attacks is then donated to charities, DarkSide claims.

Georgia-based Colonial Pipeline, which spans about 5,500 miles along the East Coast, transporting more than 100 million gallons of gasoline and oil a day, first reported the cyberattack to its network on Friday. This attack forced the company to completely shut down its pipeline, causing concern about the potential impact on gasoline prices and supply for southern states.

On Monday, the company released a statement to update the public on the status of restoring full service to the system. 

“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said. 

The company’s operations team is “executing a plan that involves an incremental process that will facilitate a return to service in a phased approach” with “the goal of substantially restoring operational service by the end of the week,” according to the statement.

If the company can restore portions of its pipeline by Wednesday, then the United States would likely experience little to no long-term impact of the ransomware attack.

But if the shutdown continues, southern states will be the first to experience higher gasoline prices, given the region relies most heavily on the pipeline system’s supply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments