Date: 2021-05-10

Colonial Pipeline hasn’t asked the FBI for help and so far is mum as to whether it paid up after a cyber-extortion attempt last week interrupted service of its critical gas and fuel artery.

Vehicles are seen near Colonial Pipeline in Helena, Ala., in 2016. (AP Photo/Brynn Anderson, File)

WASHINGTON (CN) — Federal officials made their first public statement Monday after a hack triggered the partial shutdown this weekend of one of the nation’s major resources of fuel from Texas to New Jersey.

Confirming early reports that the entity responsible for the hack is called DarkSide — a gang with a Robin Hood-esque image of stealing from corporations and giving a cut to charity — the White House said Monday it stands at the ready to assist.

Rather than seek involvement by the federal government, Colonial Pipeline has hired a third party to conduct an assessment on its cybersecurity systems. The 5,500-plus-mile pipeline runs down the East Coast and into the Gulf of Mexico, supplying 45% of that area’s refineries with gas and jet fuel.

“The impact will be temporary and transitory,” White House press secretary Jennifer Psaki told reporters Monday.

Also at the briefing were Elizabeth Sherwood-Randall, who is the Biden administration’s homeland security adviser and deputy national security adviser, and Anne Neuberger, deputy national security adviser for cyber and emerging technologies. They confirmed Colonial Pipeline quickly took some of its more sensitive systems offline in the immediate wake of the ransomware attack Thursday.

The fuel provider said Monday it expects to have all of its systems up and running by the end of this week. It has also not disclosed whether it paid a ransom to DarkSide.

While the FBI typically advises against paying ransom — warning that complying could inspire repeat attacks — Neuberger said she understands why some companies might do so: Data that is stolen may not be backed up anywhere else, for one. Still, “it is up to Colonial to disclose whether or not they paid a ransom,” Neuberger underlined Monday.

Neither of the administration’s Homeland Security officials said Monday whether DarkSide is tied to a particular foreign actor or nation.

Early reports in the wake of the hack have suggested DarkSide may have some connection to former Soviet bloc nations since the group has mostly avoided attacking Russian, Ukrainian and Kazakh-speaking states.

Following remarks on his administration’s economic agenda at a separate event at the White House on Monday, President Joe Biden was asked if he felt Russia was at all involved. “I’m going to have a meeting with President Putin and so far there is no evidence, based on our intelligence, that Russia is involved,” Biden said. “But there is evidence that actors using ransomware are in Russia.”

Billing itself as a do-gooder hacking group with selective interests, DarkSide has stated publicly that it generally wishes to avoid attacking hospitals, nonprofits, schools or bodies of government. Instead, the group has claimed it focuses only on major corporations that have the ability to pay up when they come hacking.

For now, as Colonial untangles the chaos created, Biden administration officials said Monday the Departments of Defense, Energy and Transportation, as well as the Cybersecurity and Infrastructure Security Agency, are all working in tandem to assess and share information about the breach.

Data software and security threat detection group Varonis said in a statement Monday that among the crowded field of upstart hackers — DarkSide first appeared last August — this group is particularly stealthy. According to Varonis’ analysis, in its early phases, DarkSide engaged in a systematic and “coldly efficient” invasion of data, often by patiently timing some of its “noisier” activities as it lay in wait to delete backups, relax user permissions, harvest credentials and more.

Fuel disruptions will be held to a minimum, at least in part, because of the White House’s decision this weekend to issue a temporary easing of restrictions on drivers hauling fuel across the U.S.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a statement Monday. “This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”