The premier US intelligence and security service on Monday confirmed that DarkSide, a hacking group, was behind the massive ransomware attack on a US pipeline that provides the East Coast of the country with nearly half of its gasoline and jet fuel.
The Federal Bureau of Investigation (FBI) said Monday that ransomware from the shadowy DarkSide group forced the shutdown of the Colonial Pipeline network, as the major fuel supplier said it was beginning to resume operations after the three-day freeze.
The breach of Colonial Pipeline’s IT system forced the company to shut down 5,500 miles of pipelines to ensure hackers could not gain access to its operational technology.
The attack illustrated how susceptible a large company such as Colonial Pipeline was to ransom attacks that have gained momentum lately.
In a statement on Monday, Colonial Pipeline, the operator of the system, said restoring service “takes time”, adding that the situation “remains fluid and continues to evolve”.
The hacking group also acknowledged that they had forced the operator to shut its entire network.
"Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," DarkSide wrote on its website.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not creating problems for society,” it added further.
According to news reports, the DarkSide hacker gang responsible for the attack is a relatively new group.
The US government had issued emergency legislation on Sunday in the wake of the unprecedented attack on a pipeline that carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, petrol and jet fuel.
On Friday, Colonial Pipeline, which transfers gasoline and jet fuel from Texas to New York, said in a statement that it was shutting down thousands of kilometers of pipeline network in an attempt to contain the security breach.
Earlier in the day, there had been disruptions along the pipeline, but the main reason was not immediately clear.
Although some smaller lines were restarted on Sunday, Colonial refrained from giving any timeline for the restart of its main pipelines.
States including Florida, Georgia, Alabama, South Carolina, North Carolina, and Tennessee depend on the line for most of their fuel supplies.
The states, which suffered localized shortages and higher prices during previous shutdowns, are expected to experience the same problem.
Since the incident, gas prices have gone up a cent on the gallon, according to the American Automobile Association. The average price for regular unleaded gasoline was $2.962 in comparison with $2.901 a week earlier, the AAA said.
There is also an increase in demand across the United States as more and more people who are vaccinated against COVID-19 start traveling.
Susceptibility to cyberwarfare
The confirmation of the cyberattack, which came as a big shock to top officials in Washington DC, has once again revealed the vulnerability of critical US energy infrastructure.
“There’s obviously much still to learn about how this attack happened, but we can be sure of two things: This is a play that will be run again, and we’re not adequately prepared,” US Senator for Nebraska, Ben Sasse, said in a statement on Saturday.
Sen. Angus King from Maine and Rep. Mike Gallagher from Wisconsin, the co-chairs of the Cyberspace Solarium Commission (CSC), in a statement on Sunday said they were “disappointed, though unsurprised” to learn of the incident.
“This interruption of the distribution of refined gasoline and jet fuel underscores the vulnerability of our national critical infrastructure in cyberspace and the need for effective cybersecurity defenses, including a robust public-private collaboration to protect both the pipeline system and electric grid, as well as the infrastructure of the telecommunications and financial services systems,” they said.
A report in The Hill, citing data provided by cybersecurity company Check Point Research, said hackers attempt to breach American utility companies 260 times per week on average, with the company seeing a 50 percent increase in these attempts since March, and a general increase since the beginning of 2020.
But despite the steadily increasing cyber threats against critical infrastructure, experts say the U.S. remains worryingly vulnerable, it said.