Energy security: Criminals Carried out Cyberattack on U.S. Pipeline

Published 10 May 2021

Security experts say that DarkSide, a group of veteran cybercriminals, is responsible for the ransomware attack on Colonial Pipeline, the worst cyberattack on U.S. critical infrastructure to date. The cyberattack forced Georgia-based Colonial Pipeline to shut a critical fuel network that serves populous states on the East Coast.

The hackers behind the ransomware attack on a vital U.S. pipeline operator are suspected to be a professional cybercriminal group called DarkSide, multiple people familiar with the investigation said on Sunday.

The cyberattack forced Georgia-based Colonial Pipeline to shut a critical fuel network that serves populous states on the East Coast.

It supplies nearly 45 percent of the fuel consumed in those states, the company said.

Colonial said it was hit by a ransomware attack, wherein hackers typically lock up computer systems by encrypting data and then demand a large ransom to decrypt it.

What is DarkSide?
DarkSide has been identified as one of the ransomware gangs that have “professionalized” a criminal industry that has cost Western nations tens of billions of dollars in such cyberattacks in the past three years.

The group claims that it does not steal from medical, educational, or government institutions, targeting only large corporations and donating a part of the ransom to charity.

DarkSide, according to cybersecurity experts, is composed of veteran cybercriminals focused on squeezing out as much money as they can from their targets.

“They’re very new but they’re very organized,” said Lior Div, the chief executive of Boston-based security firm Cybereason.

“It looks like someone who’s been there, done that.”

The group first surfaced in August last year and immediately unleashed a digital crimewave, Div told Reuters news agency.

It is also known to avoid targeting organizations in former Soviet republics, suggesting a possible link to these nations.

What is at Stake?
Colonial delivers more than 100 million gallons (380 million liters) of gasoline and other fuels per day from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.

It operates a more than 5,500-mile (8,850 km) pipeline network stretching from Texas to New Jersey, which serves major U.S. airports, including Atlanta’s Hartsfield-Jackson Airport — the world’s busiest by passenger traffic.

U.S. gasoline futures jumped more than 3 percent to $2.217 a gallon, the highest since May 2018, as trading opened for the first time since the cyberattack.

How Has the U.S. Responded?
The White House said it was working closely with Colonial as its main fuel lines remain offline for the third straight day.

The Department of Transportation issued a regional emergency declaration Sunday, relaxing hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel, and other refined petroleum products in 17 states and the District of Columbia.

The declaration allows them to work extra or more flexible hours to make up for any fuel shortage related to the pipeline outage.

The Biden administration said restoring operations was a top priority for Washington and an “all-hands-on-deck” effort was underway to avoid disruptions in the fuel supply.

“It’s an all hands on deck effort right now,” Commerce Secretary Gina Raimondo told CBS’s “Face the Nation” program.

“We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”

Meanwhile, the company did not say whether it has paid or was negotiating a ransom.

In a statement released on Sunday, Colonial Pipeline said it was developing a “system restart” plan, adding that its main pipeline remained offline, but some smaller lines were now operational.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.

This article is published courtesy of Deutsche Welle (DW).