The White House is working closely with top US fuel pipeline operator Colonial Pipeline to help it recover from a ransomware attack that forced the company to shut a critical fuel network supplying populous eastern states.
The attack is one of the most disruptive digital ransom schemes reported and has prompted calls from American politicians to strengthen protections for critical US energy infrastructure from hacking attacks.
Commerce Secretary Gina Raimondo said the pipeline fix was a top priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart its more than 8850 kilometre pipeline network from Texas to New Jersey as quickly as possible.
“We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply,” she told CBS.
Colonial said on Sunday (local time) its main fuel lines remained offline but some smaller lines between terminals and delivery points were now operational.
Colonial transports roughly 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.
Its extensive pipeline network serves major US airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest by passenger traffic.
A Charlotte Douglas International Airport spokesperson said the airport had supply on-hand and was “monitoring the situation closely,” adding the complex was supplied by another major pipeline as well as Colonial.
Retail fuel experts including the American Automobile Association said an outage lasting several days could have significant impacts on regional fuel supplies, particularly in the southeastern United States.
While the US government investigation is in the early stages, a former US official and three industry sources said the hackers were suspected to be a professional cybercriminal group called DarkSide.
DarkSide is one of many ransomware gangs extorting victims while avoiding targets in post-Soviet states. The groups gain access to private networks, encrypt files using software, and often also steal data.
They demand payment to decrypt the files and increasingly ask for additional money not to publish stolen content.
In the Colonial attack, the hackers took more than 100 gigabytes of data, according to a person familiar with the incident.
As the FBI and other government agencies worked with private companies to respond, the cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, the person said.
Colonial’s data did not appear to have been transferred from that system anywhere else, potentially limiting the hackers’ leverage to extort or further embarrass the company.
Cybersecurity firm FireEye is among those dealing with the attack, industry sources said. FireEye declined to comment. Colonial said it was working with a “leading, third-party cybersecurity firm,” but did not name the firm.
Messages left with the DarkSide hackers were not immediately returned. The group’s dark website, where hackers regularly post data about victims, made no reference to Colonial Pipeline.
Colonial declined to comment on whether DarkSide hackers were involved in the attack, when the breach occurred or what ransom they demanded.
President Joe Biden was briefed on the cyberattack on Saturday morning, the White House said, adding that the government was working to try to help the company restore operations and prevent supply disruptions.
Gasoline futures and diesel futures on the New York Mercantile Exchange rose on Friday after the outage was reported. In previous Colonial outages, retail prices have risen substantially, if briefly.