Colonial pipeline hack claimed by Russian group DarkSide spurs emergency order from White House

Tanker trucks are parked at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Ala., in 2016. Luke Sharrett / Bloomberg via Getty Images file

The Colonial Pipeline, responsible for the country’s largest fuel pipeline, shut down all its operations Friday after hackers broke into some of its networks. All four of its main lines remain offline.

The emergency declaration from the Department of Transportation aims to ramp up alternative transportation routes for oil and gas. It lifts regulations on drivers carrying fuel in 17 states across the South and eastern United States, as well as the District of Columbia, allowing them to drive between fuel distributors and local gas stations on more overtime hours and less sleep than federal restrictions normally allow. The U.S. is already dealing with a shortage of tanker truck drivers.

In a press briefing Monday, Homeland Security Advisor Elizabeth Sherwood-Randall said that Colonial initially shut down its networks as a precautionary measure, and that while the hackers broke into networks devoted to the company’s business operations, the intrusion did not reach the computers that control the physical infrastructure that transports gasoline and other fuel.

The FBI confirmed Monday that the culprit is a strain of ransomware called DarkSide, believed to be operated by a Russian cybercrime gang referred to by the same name.

Like many ransomware gangs, DarkSide makes money by hacking a victim’s network, encrypting their files so they can’t be accessed and threatening to publish them online if they’re not paid a hefty fee.

In a statement posted to its website, DarkSide echoed a sentiment common across ransomware gangs — that they’re an apolitical group, only interested in making money — but seemed to acknowledge that by hampering the fuel industry, they may have crossed a line with the United States that no ransomware gang has crossed before.

In any scenario, it will take some time for Colonial to recover from the event, Callow said. It can take days for any large company to restore its system from data backups. Even if Colonial were to acquire a file decryptor program from the gang itself — either through paying the ransom or if DarkSide were to voluntarily provide one — it would be a slow process because of the way it’s encoded, he said.

“Remediation and recovery is not necessarily a quick and easy process, and while essential functionality can be restored more quickly, it can take organizations weeks or even months to fully return to normal operations,” he said.

Navy Vet

Article URL : https://www.nbcnews.com/tech/security/colonial-pipeline-hack-claimed-russian-group-darkside-spurs-emergency-rcna878