Feds declare emergency after hackers use ransomware to shut down major pipeline

What happened last Friday is the sort of thing that would be considered a major terrorist attack if the motive behind it had been political. Hackers believed to be operating in Russia used ransomware to force the shutdown of the largest fuel pipeline in the United States. The Colonial Pipeline carries gasoline, diesel and jet fuel from refineries in Houston to locations as far north as New Jersey, and it supplies an estimated 45% of the fuel consumed on the east coast. The entire 5,500 mile pipeline has been shut down since Friday. On Sunday night the federal government issued an emergency declaration, and as of this morning the pipeline is still not operational.

The federal government issued a rare emergency declaration on Sunday after a cyberattack on a major U.S. pipeline choked the transportation of oil to the eastern U.S…

The emergency declaration from the Department of Transportation aims to ramp up alternative transportation routes for oil and gas. It lifts regulations on drivers carrying fuel in 17 states across the South and eastern United States, as well as the District of Columbia, allowing them to drive between fuel distributors and local gas stations on more overtime hours and less sleep than federal restrictions normally allow. The U.S. is already dealing with a shortage of tanker truck drivers.

The hackers responsible are believed to be a group called DarkSide. CNBC reports the group develops ransomware tools which it sells to other hackers. Since the hack on the pipeline, the group has now put up a statement vowing not to do something like this again:

According to Boston-based Cybereason, DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks. Think of it as the evil twin of a Silicon Valley software start-up…

Under a heading, “About the latest news,” DarkSide claimed it’s not political and only wants to make money without causing problems for society.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

That’s the sound of Russian hackers begging the U.S. government not to treat its actions as terrorism. But the claim that the group isn’t political has some holes in it. For one thing, the group’s software can’t be used against Russian targets:

Brett Callow, an analyst at the cybersecurity company Emsisoft who tracks ransomware, said there were signs in DarkSide’s malicious software that it was meant to hit targets outside Russia and eastern Europe. He noted that the software is coded to not work against computers where Russian or one of several other eastern European languages are set as the default.

“Darkside doesn’t eat in Russia,” Callow said. “It checks the language used by the system and, if it’s Russian, it quits without encrypting.”

In essence, the group won't let its software run anywhere its operators could face legal repercussions. At a minimum, that means they are hiding their crimes behind their Russian citizenship, aware that as long as they don't attack Russian companies the authorities there aren't going to bother them. As the report below points out, there's no way they could do this without the tacit approval of Russian intelligence services.
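The language check Callow describes is simple enough to sketch. The example below is added here for illustration and is not DarkSide's code or anything published by Emsisoft. It assumes the Windows convention that a 16-bit LANGID packs the primary language in its low 10 bits and the sublanguage in the high 6 bits, and it uses Russian, Ukrainian and Belarusian as an illustrative subset of excluded languages, since the article only says "Russian or one of several other eastern European languages". The sample inputs are constructed.

```python
"""Sketch of a locale "kill switch" of the kind described above.

Added example, not code from the article or from any ransomware family.
Assumptions: Windows LANGID layout (primary language in the low 10 bits,
sublanguage in the high 6 bits) and an illustrative set of excluded languages.
"""

# Windows primary language IDs (the LANG_* constants). The article names only
# Russian; Ukrainian and Belarusian are included here as an assumed example.
LANG_RUSSIAN = 0x19
LANG_UKRAINIAN = 0x22
LANG_BELARUSIAN = 0x23

EXCLUDED_PRIMARY_LANGS = {LANG_RUSSIAN, LANG_UKRAINIAN, LANG_BELARUSIAN}


def primary_lang(langid: int) -> int:
    """Equivalent of PRIMARYLANGID(): the low 10 bits of a LANGID."""
    return langid & 0x3FF


def sub_lang(langid: int) -> int:
    """Equivalent of SUBLANGID(): the high 6 bits of a LANGID."""
    return (langid >> 10) & 0x3F


def is_excluded_locale(langids) -> bool:
    """True if any reported LANGID belongs to an excluded primary language.

    A list is accepted so that several sources (user UI language, system UI
    language, installed keyboard layouts) can be checked in one pass. Matching
    on the primary language means 0x0819 (Russian, Moldova) is treated the same
    as 0x0419 (Russian, Russia).
    """
    return any(primary_lang(langid) in EXCLUDED_PRIMARY_LANGS for langid in langids)


def would_encrypt(langids) -> bool:
    """Mirror the decision quoted above: excluded locale -> quit without encrypting."""
    return not is_excluded_locale(langids)


if __name__ == "__main__":
    # Constructed sample systems, not real telemetry.
    samples = {
        "US English workstation": [0x0409],
        "Russian workstation": [0x0419],
        "US English with a Ukrainian keyboard layout installed": [0x0409, 0x0422],
        "Russian (Moldova) sublanguage": [0x0819],
    }
    for name, langids in samples.items():
        verdict = "encrypt" if would_encrypt(langids) else "quit"
        print(f"{name}: {verdict}")
```

Because the check keys on the primary language rather than the exact LANGID, every regional variant of an excluded language is skipped, and a single matching layout among several is enough to stop the run.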

It raises an interesting possibility. If DarkSide is worried about having this attack attributed to Russia, and it clearly is, what happens if we act as if Russia is ultimately responsible, i.e., respond to Putin for allowing this, either through sanctions or by sending some more "diplomats" home? Does DarkSide eventually pay a price for dragging Putin into this? And if so, wouldn't that be a good thing from our perspective?

In any case, the price of gas is likely to spike on the east coast, at least in the short term. This may have been a ransomware attack on one energy company, but in effect it is going to take money from a large group of regular Americans. Democrats were always eager for President Trump to be tougher on Russia. Now that they control the White House, it will be interesting to see how they react to this attack on our critical infrastructure by Russian hackers protected by Putin.

Here’s a report on the pipeline from CBS News’ Catherine Herridge.