Colonial Pipeline Hack Was Not Intended To ‘Create Problems’

The highly damaging ransomware attack on a major US fuel pipeline has highlighted the dangers posed to critical infrastructure by cybercrime.

The United States has been forced to shut down the Colonial Pipeline following a ransomware attack carried out by the Russian criminal gang called DarkSide.

The hack of the pipeline took place on Thursday of last week, and on Friday evening the pipeline had to be shut down to stop the ransomware spreading.

Pipeline attack

This is a major attack on a critical piece of US infrastructure.

The Colonial Pipeline runs between Texas and New Jersey and is 5,500 miles long.

It carries 2.5 million barrels a day, which translates to 45 percent of the fuel supply for the US East Coast. It includes diesel, petrol and jet fuel.

There are media reports that petrol stations along the east have already run short of fuel. Because the pipeline also serves Atlanta airport, a busy regional air hub for America, the Biden administration has had to invoke emergency powers to ensure no fuel shortages or transport chaos takes place.

During a speech about the economy at the White House on Monday, US President Joe Biden said that he was being “personally briefed” on the situation with the pipeline each day.

“The agencies across the government have acted quickly to mitigate any impact on our fuel supply,” he reportedly said. “We’re prepared to take additional steps depending on how quickly the company is able to bring its pipeline back up to capacity.”

The pipeline also serves 90 US military installations and 26 oil refineries.

Services for the Colonial Pipeline are reportedly still being restored as of Monday, although the operator’s website remains offline as of Tuesday morning.

The FBI has issued a statement in which it confirmed that a Russian group was responsible for the attack.

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks,” it said.

“We continue to work with the company and our government partners on the investigation.”

DarkSide response

The ransomware attack on this critical piece of US infrastructure has resulted in the criminal gang behind the attack issuing an apology (of sorts).

DarkSide insisted they were not carrying out the attack for political purposes, but rather were just seeking to make money.

DarkSide reportedly targets English-speaking countries and is believed to operate out of one of the former Soviet republics.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the DarkSide statement reportedly says.

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

DarkSide also said it would donate a portion of its profits to charities, although some of the charities have turned down the contributions.

“No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the hackers wrote. “Today we sended [sic] the first donations.”

Typical ransom demands range from $200,000 to $20 million, CNBC reported.

Preventive measure

One security expert said the DarkSide statement shows that the criminals were concerned about the impact of their attack, and were keen to stress it was not sanctioned by the Russian government.

“What’s interesting in the above statement is that the group does not want to be associated with the Russian (or any) government, nor does it want to be seen as a ‘bad guy’,” noted Andrey Yakovlev, security researcher at threat intelligence company IntSights.

“It’s my opinion that they got a bit overwhelmed by the media coverage and all the attention it brings to Russian cyber-offensive,” said Yakovlev. “I did not see any direct statements that ‘DarkSide equals Kremlin,’ but there has recently been a lot of news related to Russian state-sponsored attacks (SolarWinds, for example) so I think the DarkSide statement was a preventive measure, to differentiate from the Russian government in the beginning.”

“While DarkSide and other ransomware groups may not intend to cause harm to society in their endeavors, the impacts of their actions are increasingly devastating at a local, national, and even global level,” said Yakovlev. “The Colonial Pipeline attack has severely crippled the US fuel supply chain by taking Colonial’s main pipelines offline for what will be days, and perhaps could become weeks.”

“The service organisation model employed by groups such as DarkSide is an important trend in ransomware activities that are meant to maintain at least some level of decency making as much money as possible,” Yakovlev concluded. “For example, they do not target certain industries and services such as healthcare. While not specifically targeted toward bringing down critical infrastructure, these attacks are a wake-up call for organisations with related supply chains.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
