U.S. President Joe Biden said May 10 that Russia has “some responsibility” to address a ransomware attack that has paralyzed the largest U.S. fuel pipeline, although he refrained from directly blaming the Kremlin.
Biden said there was “no evidence” the Russian government was involved in the cyberattack on Colonial Pipeline, but said “there is evidence” the hackers or the ransomware software they used are “in Russia.”
“They have some responsibility to deal with this,” Biden said, adding that he will likely be meeting with Russian President Vladimir Putin for bilateral talks in June.
Responding to Biden’s comments, Kremlin spokesman Dmitry Peskov told TASS news agency that “Russia has nothing to do with this.”
Earlier, the FBI identified the group behind the attack on Colonial Pipeline as a criminal gang known as DarkSide, a hacker network that emerged last year using ransomware to extort money from victims.
Cyber experts say the network is based in Russia or former Soviet states, where local security services may tolerate and sometimes even employ these cybercriminals.
Asked at a White House press briefing whether Russia was involved, Anne Neuberger, deputy national-security adviser for cyber and emerging technology, said on May 10 that it is “certainly something our intelligence community is looking into.”
Neuberger said the White House was not offering advice on whether Colonial Pipeline should pay the ransom. She said the cybercriminals used a known variant of ransomware software and advised other companies to take action to protect themselves.
In a ransomware attack, hackers break into computer systems and scramble a victim’s data, making it unusable. The criminals then demand money in exchange for software decryption keys.
DarkSide, which cybersecurity experts say avoids targets in Russian-speaking countries, said in a statement posted online that their goal is to “make money, and not creating problems for society.”
DarkSide described itself as “apolitical,” adding “we do not participate in geopolitics.”
The statement said DarkSide intended to donate a portion of its profits to charities and had already sent its first donation.
The statement, quoted by CNBC and other U.S. media outlets, did not say how much ransom the hackers seek. Colonial Pipeline has not commented on the hackers’ statement.
DarkSide began attacking companies mostly in Western Europe, Canada, and the United States last year, asking ransom to be paid in Bitcoin.
In return, DarkSide supplies the company with a program that will unlock its computing systems.
The criminals also steal data from the victims, threatening to release it publicly if the company does not pay up.
Colonial Pipeline announced on May 8 that it was the victim of a ransomware attack the previous day and in response “proactively” took systems offline to contain the threat, which halted all pipeline operations and affected some IT systems.
The privately held company said on May 10 that it expects to “substantially” restore operational service by the end of the week.
The company’s pipeline transports about 45 percent of the U.S. East Coast’s fuel supplies — including gasoline, diesel, jet fuel, and home heating oil– from Gulf refineries in Texas all the way to New York. Experts said the shutdown was unlikely to have a major impact on fuel prices unless it were to last more than a week.
The situation nevertheless raised concerns about energy supplies, and U.S. government issued a regional state of emergency loosening regulations for the transport of fuel products on highways across 17 states and the District of Columbia.
The attack presents a new challenge for the Biden administration after two major cybersecurity breaches — the SolarWinds hack that compromised U.S. government agencies and private sector computer networks, and another penetration of some Microsoft e-mail servers.
The SolarWinds hack was blamed on Russian state-backed hackers while the Microsoft breach was attributed to a Chinese cyberespionage campaign.
The U.S. sanctioned the Kremlin in April for the SolarWinds hack, which U.S. officials have linked to a military intelligence unit and described as an intelligence-gathering operation.