The FBI confirmed hacker group DarkSide is responsible for the ransomware attack that forced the suspension of the critical supply line for US East Coast fuel products
Colonial Pipeline hopes to “substantially restore” operations along its network by the end of this week following a cyber-attack the FBI has today attributed to the hacking group known as DarkSide.
Services along the 5,500-mile system remain largely offline four days after the cybersecurity breach was noticed last Friday (7 May), cutting off a key artery that supplies around 45% of the fuel products used on the US East Coast.
The Georgia-based company was forced to shut down its entire network following the ransomware breach, and while it says some smaller lateral lines between terminals and delivery points are now operational, the four mainlines of the system still remain offline.
Colonial operates the US’ largest refined products pipeline, stretching along the eastern seaboard and transporting petroleum products from Gulf Coast refineries throughout the south and east of the country to as far north as New Jersey.
More than 2.5 million barrels of fuel products are normally moved each day, including gasoline, diesel, jet fuel, home heating oil and fuel used by the US military.
FBI confirms DarkSide responsible for Colonial Pipeline ransomware attack
The cyber-attack is one of the most audacious ever targeted at major energy infrastructure, prompting a major investigation by US authorities and raising concerns about supply disruptions and their impact on fuel prices.
Amy Myers Jaffe, director of the Climate Policy Lab at Tufts University Fletcher School, told Politico the incident is “the most significant, successful attack on energy infrastructure we know of in the United States”.
The FBI confirmed in a statement “the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks” and that it will continue to work with the company and other government agencies as the investigation progresses.
On Sunday, the US government issued emergency legislation for a “temporary hours of service exemption” for the transportation of fuel by road, meaning delivery drivers in several affected states can work more flexible hours to minimise shortages.
Experts suggest a swift resumption of operations would avoid too much market disruption, but a prolonged suspension of the network could impact fuel prices.
In an update published earlier today, Colonial Pipeline said the situation “remains fluid and continues to evolve” and that it executing a plan to incrementally facilitate a return to service in a phased approach.
The company has been coordinating with the US Department of Energy as part of the government’s investigation.
“We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery,” the company added.
In a statement seemingly issued by the hacking group and reported by several news agencies, DarkSide said its intentions were not political and it should not be linked to a “defined government”.
“We are apolitical, we do not participate in geopolitics,” the statement reads, without specifically referencing Colonial Pipeline. “Our goal is to make money, and not creating problems for society.”
DarkSide ransomware gang, which shut down the largest oil pipeline in the U.S., posted a notice that their only goal was money. pic.twitter.com/uZUkWz6rpi
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) May 10, 2021