May 12, 2021

Russia denies involvement in Colonial Pipeline hack as US faces fuel squeeze

By Eric Johansson

Russia has denied any involvement in the Colonial Pipeline hack after the White House condemned Friday’s cyberattack. The US now braces for a fuel squeeze as its allies call to review their own energy sectors’ digital defences.

Last week, Colonial Pipeline took its IT systems offline to contain file-encrypting ransomware developed by rent-a-cybercrime group DarkSide. The shutdown halted the flow of fuel along its lines up and down the US East Coast. The pipeline system is one of the largest in the US, carrying 45% of the East Coast’s diesel, petrol and jet fuel. This can amount to 2.5 million barrels of fuel moved per day.

US energy secretary Jennifer Granholm has urged American motorists not to hoard fuel, even though petrol may be in short supply following the hack.

“There should be no cause for hoarding gasoline,” Granholm said. “It’s not that we have a gasoline shortage. We have this supply crunch. Things will be back to normal soon.”

She added that the CEO of Colonial Pipeline had said that flow of petrol should be up and running by the end of the week, the Washington Examiner reported.

In the meantime, the shutdown of the Colonial Pipeline has pushed gasoline prices to $3.008 per gallon on average, breaking the $3 mark for the first time since the end of 2014, according to AAA. Prices are expected to surge still further the longer the crisis continues.

DarkSide is a ransomware-as-a-service group that rents out its software and infrastructure to other cybercriminals, taking a cut of their earnings. Its ransomware does not target systems where the language is set to Russian and it avoids attacking former Soviet states.

Despite these ties to the nation, Kremlin spokesman Dmitry Peskov has denied that the country had anything to do with the incident.

“Russia has nothing to do with these hacking attacks,” Peskov said on Tuesday. “Russia didn’t have anything to do with hacking attacks that had taken place earlier. We categorically don’t accept any accusations against us in this regard.”

President Joe Biden had stated on Monday that “there is no evidence, based on our intelligence people, that Russia is involved.”

DarkSide has also issued a statement denying any political affiliation and distancing itself from the operation, saying it will in future “check each company that our partners want to encrypt to avoid social consequences.” By “partners”, DarkSide was referring to the criminal gangs that use its solutions.

For Mike Campfield, head of EMEA operations at cybersecurity company ExtraHop, Russia denying any involvement is both comforting and concerning.

“On the one hand, the fact that the attacks on major US pipelines were perpetrated by cybercriminals using ransomware seems like a stroke of luck,” Campfield told Verdict. “If it were a nation-state, the damage would likely have been much, much worse. On the other hand, this should serve as a terrifying warning: if cybercriminals with far less sophisticated cyber capabilities than nation-state adversaries can take out 45% of the US East Coast fuel supply, the time to act to protect these assets is now.”

He noted that the European Commission is already exploring ways to protect against threats to critical infrastructure and more harshly punish those who target infrastructure. It is not the only institution doing so.

Following the Colonial Pipeline hack, South Korea’s minister of trade, industry and energy Moon Seung-wook called for a review into the security of the nation’s infrastructure. He urged the nation’s operators of oil pipelines, power grids, gas pipelines and emergency response systems to check the status of their systems and report back on their findings.

“In the wake of the disruption, it is necessary to thoroughly examine whether cybersecurity preparations and countermeasures for our energy-related infrastructure are properly in place,” the minister said, according to The Register.

The Colonial Pipeline ransomware attack is the latest in a string of incidents underscoring the risk that digital threats pose to important infrastructure. In February, a malicious hacker took remote control of a water treatment facility in Florida and briefly increased sodium hydroxide levels to dangerous amounts.