The federal government issued a rare declaration of emergency on Sunday after a cyberattack on a major U.S. pipeline choked the flow of oil to the eastern United States.
The Colonial Pipeline, responsible for the country’s largest fuel pipeline, shut down all operations on Friday after hackers broke into some of its networks. Its four main lines remain offline.
The Transportation Department’s emergency declaration aims to speed up alternative transportation routes for oil and gas. It lifts regulations on drivers carrying fuel in 17 states in the southern and eastern United States, as well as the District of Columbia, allowing them to drive between fuel distributors and local gas stations with more overtime and less sleep than federal restrictions normally allow. The United States is already facing a shortage of tanker drivers.
The emergency order runs until June 8 and can be renewed. Colonial has yet to say when it expects to fully resume operations.
Industry experts have previously warned that an extended pipeline shutdown could push up gas prices and cause disruption in the eastern United States.
The FBI confirmed on Monday that the culprit was a strain of ransomware called DarkSide, believed to be operated by a Russian cybercrime gang of the same name. Like many ransomware gangs, DarkSide makes money by hacking into a victim’s network, encrypting their files so they can’t be accessed, and threatening to post them online if the victim doesn’t pay a hefty fee.
In a statement posted on its website, DarkSide echoed a common sentiment among ransomware gangs – that they are a non-partisan group, only interested in making money – but appeared to acknowledge that by hampering the fuel industry, they may have crossed a line with the United States that no ransomware gang has crossed before.
“We are apolitical, we do not participate in geopolitics, do not need to bind ourselves to a defined government and seek other our motives,” said the gang, misspelling “government”.
“Our goal is to make money, not to create problems for society. From today, we are introducing moderation and checking every business our partners want to encrypt to avoid social consequences in the future.”
The attack is the latest in a recent wave of independent ransomware attacks across the country. A different group recently broke into the Washington, DC Metropolitan Police Department and began leaking extremely detailed and personal files on officers. A third stole files from a major Taiwan-based Apple supplier and released previously private specifications for Apple products.
Many Russian cybergangs operate as independent operations, although they are sometimes recruited to work for Russian intelligence – and they generally avoid attacking targets in Russia.
Brett Callow, an analyst with cybersecurity firm Emsisoft who tracks ransomware, said there were signs in DarkSide’s malware that it was meant to hit targets outside of Russia and Western Europe. He noted that the software is coded not to work on computers that have Russian or one of several other Eastern European languages set as the default.
“DarkSide doesn’t eat in Russia,” Callow said. “It checks the language used by the system and, if it’s Russian, it shuts down without encrypting.”
In any scenario, it will take some time for Colonial to recover from the event, Callow said. It can take days for a large business to restore its systems from data backups. Even if Colonial were to obtain a file decryption program from the gang itself – either by paying the ransom or if DarkSide were to provide one voluntarily – it would be a slow process because of the way the decryptor is coded, he said.
“Recovery and restoration is not necessarily a quick and easy process, and while critical functionality can be restored faster, organizations can take weeks, or even months, to fully return to their normal operations,” he said.