The FBI on Monday blamed a hacking group for a cyberattack that took down the main pipeline carrying gas to the densely populated East Coast, provoking worries about the vulnerability of critical systems. The law enforcement agency, which is investigating the May 7 hack, pinned responsibility on Darkside, a group that reportedly develops ransomware and sells it to other outfits.
“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks,” the agency said in a statement. “We continue to work with the company and our government partners on the investigation.”
Colonial Pipeline, which operates pipes that carry refined petroleum products like gas and diesel for cars and trucks, jet fuel, heating oil for homes and fuel for the military, halted all pipeline operations after the hack. It also took “certain systems offline to contain the threat.”
The pipeline remained closed on Monday, but the company said in a statement that it’s aiming for “substantially restoring operational service by the end of the week.”
The shutdown heightens alarm about cyberattacks on key infrastructure systems amid the growing use of ransomware by criminals. In ransomware schemes, attackers deploy malicious software that locks a victim’s computer systems, typically by encrypting them, and then demand payment to unlock them. The worldwide WannaCry ransomware attacks in 2017, for instance, locked up computer systems at hospitals, banks and phone companies. And city governments in the US, including Baltimore’s, have been hobbled by ransomware assaults as well.
Attacks like the one on Colonial also worry observers concerned about cyberwarfare tactics such as Russia’s shutdown of part of Ukraine’s power grid in 2015, and reports that a Russian government-sponsored group called Dragonfly or Energetic Bear gained access to control rooms of US electric utilities in 2017. The US military has also reportedly aimed cyberattacks at Russia’s electrical grid and Iran’s missile systems.
More recently, fears about Russian cyber-espionage were stoked by the massive SolarWinds hack, which used tainted software from the IT management company to penetrate multiple US federal agencies and at least 100 private companies. In April, US President Joe Biden signed an executive order imposing a range of retaliatory measures against Russia in response to the SolarWinds exploits.
Colonial connects refineries in the Gulf Coast and elsewhere with customers in the Southern and Eastern United States. Its pipeline system covers more than 5,500 miles and carries more than 100 million gallons of fuel per day, making it the biggest refined products pipeline in the US, according to the company.
First published on May 8, 2021 at 10:48 a.m. PT.
Last week’s ransomware attack on Colonial Pipeline, following February’s winter storm in Texas, is the latest event to expose the vulnerability of the US energy infrastructure, this time to cyberattacks.
On Friday, the operator of Colonial Pipeline, the largest fuel pipeline in the US, fell victim to a ransomware attack and ceased all pipeline operations. Three days later, it’s still offline, but the company said Monday it expects to be largely back in service by the end of the week.
This is the second time this year that an important element of America’s energy infrastructure has experienced a significant outage that could affect residents in multiple states.
In February, Texas experienced an extreme winter storm. The event caused energy facilities to fail and left millions of Texas residents, and those in neighboring states, without electricity or clean running water. That crisis exposed how vulnerable America’s national energy infrastructure is to the effects of climate change and highlighted Texas’ inability to adequately prepare for what was once considered a rare event.