August 5, 2021

Colonial Pipeline Hackers Release an Apology Statement on Dark Web

The ransomware group behind the Colonial Pipeline hack has released an apology statement on the dark web. The statement published on its website did not directly mention the Colonial Pipeline incident; however, the note was headlined “About the latest news.” Several tabloids have reported that industry experts say DarkSide was behind the cyberattack.

Dmitry Smilyanets, a cyber-threat intelligence expert, tweeted a screenshot of the latest news on Monday. The statement said, “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Nicole Perlroth, a New York Times reporter, wrote on Twitter that “The criminals responsible, Darkside, are a relative newcomer to ransomware, but have an intriguing “code of conduct.” They will not extort hospitals, funeral homes, non profits. They do target large corps and sometimes donate some proceeds to charities (that return the $).”

What was the impact of the hack on Colonial Pipeline?

The 5,500-mile-long Colonial Pipeline is crucially important to the eastern US, as it delivers around 45% of the fuel to that region. On Friday, the pipeline company halted all its operations as a precautionary measure against the ransomware attack. It transports 2.5 million of refined gasoline from the Gulf Coast to New York every day. On the news of the cyberattack on the Colonial Pipeline, Brent crude oil fell from USD 69 per barrel on Monday to USD 67.8 per barrel today.

Colonial Pipeline, based in Alpharetta, Georgia, said that it has hired a “third-party cybersecurity firm” to understand the scope of the incident. The company issued a statement saying that the situation “remains fluid and continues to evolve,” and that it is bringing parts of the network online in a step-wise fashion.

Currently, the COVID-19 pandemic has reduced the demand for gasoline, as people are staying home to mitigate the spread of the virus. Meanwhile, according to reports by Bloomberg, gas stations on the US East Coast are already running dry due to panic buying in many states. The report includes a statement from the CEO of Colonial Pipeline, Joe Blount. He said that the pipeline serves 26 oil refineries and 96 US installations. He also addressed the cyberattack, saying that shipments won’t resume until the ransomware is neutralized across the whole system.

President Joe Biden’s Statement on the Incident

A White House spokesperson said that Joe Biden was briefed about the Colonial Pipeline ransomware attack on Saturday morning. Meanwhile, the Department of Energy said it is closely monitoring the impact of the shutdown on the nation’s gasoline supply. Yesterday, the Biden Administration said that it is working with the privately held company to mitigate the impact of the ransomware attack.

“My administration takes this very seriously. We have efforts under way with the FBI and Department of Justice to disrupt and prosecute ransomware criminals,” the President said. “My administration is also committed to safeguarding our critical infrastructure, much of which is privately owned and managed, like Colonial,” he added.

While major tabloids are reporting that the group involved in the attack is from Russia, Biden told reporters that “So far there is no evidence from our intelligence people that Russia is involved, although there is evidence that the actor’s ransomware is in Russia. They have some responsibility to deal with this.” Meanwhile, the Russian diplomat Dmitry Peskov told CNN that the country is not involved in any cyberattacks.

The Colonial Pipeline cyberattack is not the only example that shows how vulnerable cybersecurity is in the US. In December 2020, FireEye, a cybersecurity company, published a blog post revealing a cyberattack on its systems. The company said that the attack was carried out by a “highly sophisticated threat actor.”

In the same month, it published another blog post stating that the attacker had targeted various public and private organizations across the globe. This was done by targeting the IT management platform Orion, developed by the Texas-based company SolarWinds. In a statement, SolarWinds said that the malware had impacted 18,000 of its clients. In April 2021, Joe Biden imposed sanctions on Russia over cyberattacks on the US and its allies, including the SolarWinds attack.