The Biden administration has invoked emergency powers as part of an “all-out” effort to avoid fuel shortages after the worst cyber attack ever on U.S. infrastructure shut down a crucial pipeline supplying the East Coast.
The Federal Department of Transportation issued an emergency declaration on Sunday to ease regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia. This allows them to work overtime or more flexible hours to compensate for any fuel shortages related to the pipeline failure.
Experts said on Sunday that gasoline prices are unlikely to be affected if the pipeline returns to normal in the coming days, but the incident should serve as a warning to businesses about the vulnerabilities they face.
The pipeline, operated by Georgia-based Colonial Pipeline, transports gasoline and other fuels from Texas to the northeast. It provides about 45% of the fuel consumed on the East Coast, according to the company.
It was struck by what Colonial called a ransomware attack, in which hackers typically block computer systems by encrypting data, crippling networks, and then demanding a large ransom to decrypt them.
Colonial Pipeline said on Sunday that it was actively restoring some of its computer systems. It said it remains in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government’s response.
The company did not say what was requested or who requested it.
However, two people close to the investigation, speaking on condition of anonymity, identified the culprit as DarkSide. It is one of the ransomware gangs that have “professionalized” a criminal industry that has cost Western countries tens of billions of dollars in losses over the past three years.
DarkSide claims that it does not attack hospitals and nursing homes, educational or government targets and that it donates a portion of its take to charity. It has been active since August and, typical of the most powerful ransomware gangs, it is known to avoid targeting organizations in countries of the former Soviet bloc.
Colonial did not say if it paid or was negotiating a ransom, and DarkSide did not announce the attack on its dark web site. The lack of acknowledgment usually indicates that a victim is negotiating or has paid.
On Sunday, Colonial Pipeline said it was developing a “system reboot” plan. It said its main pipeline remains offline but some smaller lines are now operational.
“We are in the process of restoring service to other laterals and will only bring our complete system back online when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.
Colonial transports gasoline, diesel, jet fuel and heating oil from refineries on the Gulf Coast through pipelines from Texas to New Jersey. Its pipeline network spans more than 8,850 km (5,500 miles), carrying more than 100m gallons (380m liters) per day.
Debnil Chowdhury, of research firm IHS Markit, said if the outage spanned one to three weeks, gas prices could start to rise.
“I wouldn’t be surprised, if it ends up being an outage of this magnitude, if we see a 15 to 20 cent increase in gasoline prices over the course of the week or two,” he said.
Commerce secretary Gina Raimondo said on Sunday that ransomware attacks were “what businesses now need to be worried about” and that she would work “very vigorously” with homeland security officials to resolve the issue, calling it a top priority for the administration.
“Unfortunately, these types of attacks are more and more common,” she told CBS’s Face the Nation. “We need to work in partnership with businesses to secure networks in order to defend against these attacks.”
She said President Joe Biden had been briefed on the attack.
“It’s an off-road effort on the bridge right now,” said Raimondo. “And we are working closely with the company, national and local authorities to ensure that they return to normal operations as quickly as possible and that there are no disruptions in supply.”
One of those close to the Colonial investigation said the attackers also stole data from the company. Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, as some victims are reluctant to have their sensitive information dumped online.
Ed Amoroso, boss of security firm TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated solely by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.
“For businesses vulnerable to ransomware, this is a bad sign because they are likely more vulnerable to more serious attacks,” he said. Russian cyber warriors, for example, crippled the electricity grid in Ukraine during the winters of 2015 and 2016.
In the United States, the attacks have caused delays in cancer treatment in hospitals, interrupted education, and crippled police and city governments. Tulsa this week became the 32nd state or local government in the United States to suffer a ransomware attack, said Brett Callow, threat analyst at cybersecurity firm Emsisoft.