Adds comments from President Joe Biden
The hacking group DarkSide was responsible for a ransomware attack that led the Colonial Pipeline to suspend operations on its 5,500-mile (8,851km) fuel system, the US government said today.
President Joe Biden said the attack on the pipeline, which supplies about 45pc of the fuel consumed on the US east coast, was a "criminal act" that his administration was taking seriously. Biden said his administration was working to disrupt ransomware hacking groups, but also said some responsibility fell to countries where many of those groups reside.
"So far, there is no evidence from our intelligence people that Russia is involved," Biden said. "Although there is evidence that the actors' ransomware is in Russia. They have some responsibility to deal with this."
Colonial chose to halt its operations a "precautionary" measure to prevent the ransomware from spreading from business computers to the systems that actually operate the pipeline, the White House said today. The US Federal Bureau of Investigation, in a short statement, said it "confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks."
Colonial first notified shippers it was having problems with its network on May 7. Colonial has yet to release details about the cyberattack, but federal officials say they are continuing to investigate and calling on other companies to strengthen their focus on cybersecurity. The company said it expects to restart by the end of the week.
"This underscores the threat that ransomware poses to organizations regardless of size or sector," the US Department of Homeland Security's cybersecurity division executive assistant director Eric Goldstein said.
Professional hackers have increasingly turned to ransomware attacks on private companies, where they hack into critical systems and demand large payments in exchange for restoring access. The hacking group Darkside today identified itself as non-political and not affiliated with any government.
"Our goal is to make money, and not creating problems for society," DarkSide allegedly said in a statement obtained by cybersecurity researchers. "From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."