
FBI Confirms Colonial Pipeline Hit by DarkSide Ransomware

The White House says the DarkSide variant is a ransomware-as-a-service attack, meaning criminal affiliates conduct attacks and then share the proceeds with ransomware developers.

By Chloe Albanesius
May 10, 2021

UPDATE 5/12: As of 5 p.m. ET, Colonial Pipeline has started to bring its pipelines back online.

"Following this restart, it will take several days for the product delivery supply chain to return to normal," it said in a statement. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."


Original Story:
The FBI today confirmed that the cyberattack that forced Colonial Pipeline to take its network offline over the weekend is due to ransomware known as DarkSide.

"The FBI confirms that the DarkSide ransomware is responsible for the compromise of the Colonial Pipeline networks," the agency says. "We continue to work with the company and our government partners on the investigation."

During a Monday White House press briefing, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, said the FBI has been investigating the DarkSide variant since October 2020, and has determined that it's a ransomware-as-a-service attack, meaning "criminal affiliates conduct attacks and then share the proceeds with ransomware developers," she said.

Though news reports have tied DarkSide to Russian operatives, President Biden said Monday that "so far, there's no evidence...from our intelligence people that Russia is involved, although there is evidence that the actors [behind the ransomware are] in Russia, [so] they have some responsibility to deal with this."

Neuberger also declined to place the blame on any one party. "At this time we assess that DarkSide is a criminal actor," she said, but the US intelligence community is still investigating whether a particular nation-state is responsible.

Asked if Colonial had paid a ransom, Neuberger said "Colonial is a private company and we'll defer to them."

The federal government is currently looking at what type of advice to offer companies when they're hit by ransomware, she added. When a reporter noted that the FBI has long advised ransomware victims not to pay ransoms, Neuberger said "we recognize...that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.

"We need to look thoughtfully at this area, including with our international partners, to determine what we do, in addition to actively disrupting infrastructure and holding perpetrators [responsible] to ensure we're not encouraging the rise of ransomware," she added.


About Chloe Albanesius

Executive Editor for News

I started out covering tech policy in Washington, D.C. for The National Journal's Technology Daily, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. After a move to New York City, I covered Wall Street trading tech at Incisive Media before switching gears to consumer tech and PCMag. I now lead PCMag's news coverage and manage our how-to content.
