
The F.B.I. confirms that DarkSide, a ransomware group, was behind the hack of a major U.S. pipeline.

A deputy national security adviser said that the government believed DarkSide was “a criminal actor” but was looking for any ties to nation-states.

Colonial Pipeline storage tanks in Woodbridge, N.J. Credit: Ted Shaffrey/Associated Press

The F.B.I. confirmed on Monday that the hacking group DarkSide was responsible for the ransomware attack that closed a U.S. pipeline providing the East Coast with nearly half of its gasoline and jet fuel.

The Biden administration is expected to announce an executive order in the coming days to strengthen America’s cyberdefense infrastructure.

President Biden said on Monday that the government had mitigated any impact the hack on the petroleum pipeline might have had on the U.S. fuel supply. He added that his administration had efforts underway to “disrupt and prosecute ransomware criminals.”

Colonial Pipeline, the operator of the system, issued a statement saying that restoring service “takes time.” It added that while the situation was “fluid and continues to evolve,” the company would restore service incrementally, with the goal of “substantially” resuming service by the end of the week.

Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said Monday afternoon that the government believed DarkSide was “a criminal actor” but was looking for any ties the group might have to nation-states.

She added that Colonial had not sought cyber support from the government, and said that she could not confirm if the company, a private corporation, had paid any ransom.

Mr. Biden also said on Monday that, so far, there was no evidence from U.S. intelligence officials that Russia was involved, but he added: “There is evidence that the actors’ ransomware is in Russia. They have some responsibility to deal with this.”

Colonial’s pipeline transports 2.5 million barrels each day, taking refined gasoline, diesel fuel and jet fuel from the Gulf Coast up to New York Harbor and New York’s major airports. Most of that goes into large storage tanks, and with energy use depressed by the coronavirus pandemic, the attack was unlikely to cause any immediate disruptions.

Late Friday, Colonial said in a vaguely worded statement that it had shut down its 5,500 miles of pipeline, which it said carried 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach. Earlier in the day, there had been disruptions along the pipeline, but it was not clear at the time whether that was a direct result of the attack or of the company’s moves to proactively halt it.

Energy analysts warned that a prolonged suspension of the pipeline could raise prices at the pump along the East Coast and leave some smaller airports scrambling for jet fuel.

David E. Sanger is a White House and national security correspondent. In a 38-year reporting career for The Times, he has been on three teams that have won Pulitzer Prizes, most recently in 2017 for international reporting. His newest book is “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.”

Pranshu Verma is a reporter in the Washington bureau, and part of the 2020 New York Times Fellowship class. He reports on diplomacy and transportation policy.
