Colonial Pipeline: Biden official warns of more cyber attacks after 'Russia gang' gas hack sparks emergency in 18 states

THE Biden administration has warned of more cyber attacks after Russian hackers knocked out America's largest gas pipeline, sparking an emergency declaration in 18 states.

Commerce Secretary Gina Raimondo warned yesterday that such attacks are "here to stay" and said the White House must "work in partnership with business to secure networks to defend ourselves."


Speaking on CBS, Raimondo's remarks came in response to Friday night's hack of Colonial Pipeline, which supplies gasoline, diesel and jet fuel to states from New Jersey to Texas, across 5,500 miles.

The company said it was the victim of a ransomware attack, which is where computer systems are encrypted and then a ransom payment is demanded to release them.

The hack is believed to be the largest successful digital attack on US energy infrastructure in history.

Government officials told Reuters that the Russian hacking group DarkSide is among the list of suspects.

Raimondo warned of the inevitability of more similar attacks in the future and urged American businesses to better safeguard their systems.

"This is what businesses now have to worry about," she told Face The Nation on Sunday.

"Unfortunately, these sorts of attacks are becoming more frequent … and we have to work in partnership with business to secure networks to defend ourselves."

Raimondo confirmed that President Biden had been briefed on the hack and said the government is working closely with Colonial, as well as state and local officials, to "make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply."

Friday's hack saw emergency declarations issued in 18 different states.

The emergency measure allows fuel to be transported by road in all affected areas and provides regulatory relief to commercial motor vehicle operations that are part of support efforts.

The affected states are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

In a statement issued Sunday, Colonial said it had opened some small delivery lines but the main system was still down.


"While our mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational," Colonial said in a statement, adding it would "bring our full system back online only when we believe it is safe to do so.

"We have remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the Federal Government response."

Sources told Bloomberg that hackers stole nearly 100 gigabytes of data out of Colonial's network on Thursday, a day before the pipeline shutdown.

It's currently unclear whether Colonial has paid or is negotiating a ransom.

A sustained shutdown of the pipeline, which carries around 100 million gallons of fuel daily,could cause gas prices to spike ahead of summer, causing a blow to consumers and the US economy.

Who precisely is behind the Colonial hack hasn't yet been officially disclosed, however a former US official and two industry sources told Reuters that DarkSide is among the leading suspects.

Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.

"They're very new but they're very organized," Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.

"It looks like someone who's been there, done that."

DarkSide's site on the dark web hints at their hackers' past crimes, claims they previously made millions from extortion and that just because their software was new "that does not mean that we have no experience and we came from nowhere."

The site also features a Hall of Shame-style gallery of leaked data from victims who haven't paid up, advertising stolen documents from more than 80 companies across the United States and Europe.

The group first emerged in August 2020 and claims to have a kind of ethics code.

DarkSide said it wouldn't target schools, universities, hospitals, hospices, non-profit bodies and the government "based on its principles."

Instead, it said it would target companies that could afford to pay its ransoms, which could be millions of dollars.

According to data security firm Arete, ransoms average more than $6.5 million and the attacks lead to an average of five days of downtime for the business.

    Source: Read Full Article