Criminal group originating from Russia believed to be behind Texas pipeline cyber-attack
WASHINGTON, DC — A criminal group originating from Russia named “DarkSide” is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, according to a former senior cyber official.
DarkSide typically targets non-Russian-speaking countries, the source said. The attack led the White House to form an interagency working group over the weekend to prepare for various scenarios, including whether additional steps need to be taken to mitigate any potential impact on fuel supply, a White House official said Sunday.
Bloomberg and The Washington Post have also reported on DarkSide’s purported involvement in the cyberattack.
Colonial Pipeline Company said Sunday it is working to develop a restart plan for its pipeline system, which was temporarily shut down to contain the threat.
The company’s main lines remain offline, but some smaller lines between terminals and delivery points are now operational, the company said in a statement Sunday, adding that it “will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
The Department of Energy is leading the federal government response, according to the company, which was also engaged with the FBI and Department of Homeland Security.
Tanker truck drivers will be allowed to work longer hours after a federal emergency declaration on much of the East and Gulf Coasts in response to the pipeline shutdown, the US Department of Transportation said Sunday. The exemption applies to transporting gasoline, diesel, jet fuel and other refined petroleum products to Alabama, Arkansas, the District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.
Colonial Pipeline said it learned of the cyberattack late Friday, causing it to pause operations.
On Sunday, the company said it was in the process of restoring affected IT systems.
“Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline,” the latest statement said.