By Mary-Ann Russon
A cyber-criminal gang that took a major US fuel pipeline offline over the weekend has acknowledged the incident in a public statement.
"Our goal is to make money and not creating problems for society," DarkSide wrote on its website.
The US issued emergency legislation on Sunday after Colonial Pipeline was hit by a ransomware cyber-attack.
The pipeline carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, petrol and jet fuel.
The operator took itself offline on Friday after the cyber-attack. Work to restore service is continuing.
On Monday, the FBI officially confirmed that DarkSide was responsible for compromising Colonial Pipeline's networks, saying that it was continuing to work with the firm and other government agencies on the investigation.
During a speech about the economy at the White House on Monday, US President Joe Biden said that he was being "personally briefed" on the situation with the pipeline each day.
IMAGE COPYRIGHTAFPimage captionUS President Joe Biden answers questions about the fuel pipeline cyber-attack during a speech about the economy at the White House
"The agencies across the government have acted quickly to mitigate any impact on our fuel supply," he said.
"We're prepared to take additional steps depending on how quickly the company is able to bring its pipeline back up to capacity."
A number of cyber-security researchers, including firms contacted by the BBC, have speculated that the cyber-criminal gang could be Russian, as their software avoids encrypting any computer systems where the language is set as Russian.
Mr Biden said that the US government was concerned about this aspect of the cyber-attack.
"I'm gonna be meeting with President Putin and so far there is no evidence, based on our intelligence people, that Russia is involved," he said.
"Although, there's evidence that the actors' ransomware is in Russia - they have some responsibility to deal with this."
DarkSide posted a statement on its website on Monday, describing itself as "apolitical".
IMAGE COPYRIGHTCOLONIAL PIPELINEimage captionThe Colonial Pipeline carries 2.5 million barrels a day
"We do not participate in geopolitics, do not need to tie us with a defined government and look for... our motives," the group said.
The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates, saying: "From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."
Impact on fuel prices
US fuel prices at the pump rose six cents per gallon on the week to $2.967 per gallon for regular unleaded gasoline, the American Automobile Association (AAA) said on Monday, while Wall Street shares in US energy firms were up 1.5%.
The AAA said prices were heading towards their highest level since 2014.
On Sunday, the US government relaxed rules on fuel being transported by road to minimise disruption to supply. This allowed drivers in 18 states to work extra or more flexible hours when transporting refined petroleum products.
However, there are fears that this could change if the shutdown is prolonged.
Independent oil market analyst Gaurav Sharma told the BBC a lot of fuel was now stranded at refineries in Texas.
"Unless they sort it out by Tuesday, they're in big trouble," said Mr Sharma. "The first areas to be hit would be Atlanta and Tennessee, then the domino effect goes up to New York."
He said oil futures traders were now "scrambling" to meet demand, at a time when US inventories are declining.
Demand - especially for fuel for cars - is on the rise as consumers return to the roads and the economy recovers.
The temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity, Mr Sharma warned.
Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network and locked the data on some computers and servers, demanding a ransom on Friday.
The gang stole almost 100 gigabytes of data hostage, threatening to leak it onto the internet.
The FBI and other government agencies worked with private companies to respond - the cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.
On Sunday, Colonial said that although its four main pipelines remained offline, some smaller lines between terminals and delivery points were now operational.
"Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring," the firm said.
It added it would bring its full system back online "only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations".
No comments:
Post a Comment