WASHINGTON — A major U.S. fuel pipeline that was shut down after a ransomware attack may have been struck by a Russian criminal group, two sources familiar with the matter said Sunday.
The group, known as DarkSide, is relatively new but has a sophisticated approach to the business of extortion, the sources said.
Commerce Secretary Gina Raimondo said Sunday that the White House was working to help Colonial Pipeline, the Georgia-based company that operates the pipeline, to restart its 5,500-mile network.
The system runs from Texas to New Jersey and transports 45 percent of the East Coast’s fuel supply. According to CNBC, the pipeline remained mostly offline Sunday.
“It’s an all hands on deck effort right now,” Raimondo said on “Face the Nation” on CBS Sunday. “We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”
She added, “Unfortunately, these sorts of attacks are becoming more frequent. They’re here to stay.”
On Saturday, Colonial Pipeline blamed the cyberattack on ransomware and said some of its information technology systems were affected. It added that it “proactively” took “certain systems offline to contain the threat.”
The company has not said what was demanded or who made the demand.
Although Russian hackers often freelance for the Kremlin, early indications suggest this was a criminal scheme — not an attack by a nation state, the sources said.
But the fact that Colonial had to shut down the country’s largest gasoline pipeline underscores just how vulnerable American’s cyber infrastructure is to both criminals and national adversaries, such as Russia, China and Iran, experts say.
“This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe,” said Andrew Rubin, CEO and co-founder of Illumio, a cyber security firm.
“It’s an absolute nightmare, and it’s a recurring nightmare,” he said. “Organizations continue to rely and invest entirely on detection as if they can stop all breaches from happening. But this approach misses attacks over and over again. Before the next inevitable breach, the President and Congress need to take action on our broken security model.”
If the culprit turns out to be a Russian criminal group, it will underscore that Russia gives free reign to criminal hackers who target the West, said Dmitri Alperovitch, co-founder of the cyber firm CrowdStrike and now executive chairman of a think tank, the Silverado Policy Accelerator.
“Whether they work for the state or not is increasingly irrelevant, given Russia’s obvious policy of harboring and tolerating cyber crime,” he said.
According to a top Reuters cyber security reporter, DarkSide has its own web site on the dark web that claims the group has made millions from cyber extortion and features an array of leaked data from victims who failed to pay ransom.
Tim Stelloh and The Associated Press contributed.
Source: | This article originally belongs to Nbcnews.com
