Biden says Russia has 'some responsibility' in Colonial Pipeline attack
President says there's evidence that hackers or software they used are in Russia
US President Joe Biden on Monday said Russia had “some responsibility” to address a ransomware attack that crippled the Colonial fuel pipeline and that he would seek global co-operation to battle similar hacks.
Mr Biden stopped short of blaming the Kremlin for the Friday attack, but said “there’s evidence” the hackers or the software they used are in Russia.
“They have some responsibility to deal with this,” he said on Monday.
“My administration will be pursuing a global effort of ransomware attacks. We have efforts under way with the FBI and Department of Justice to disrupt and prosecute ransomware criminals.”
Earlier, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said the government was “actively engaged” with Colonial, but that the company had not asked for federal assistance with its cyber security.
Ms Neuberger said the FBI had been investigating the ransomware used in the attack since October.
“Transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and global money-laundering networks,” she said.
Ms Neuberger said there was a need for an international campaign to combat ransomware.
“To combat the exploitation of virtual currencies that are often used for payment and ransomware, the US Treasury has also been leading international efforts, including driving development and adoption of virtual assets standards,” she said.
But Ms Neuberger said the US had no advice for victims of the attacks about whether they should pay ransom.
The attacks are known as “ransomware” because the hackers typically ask for money in exchange for restoring control of companies’ systems.
“We recognise that victims of cyber attacks often face a very difficult situation and they have to just balance, often, the cost benefit when they have no choice with regard to paying a ransom,” Ms Neuberger said.
She said that “at this time” the hackers were considered “a criminal actor”.
“Our intelligence community is looking for any ties to any nation-state actors,” Ms Neuberger said.
The Colonial pipeline has not been damaged and can be brought back online “relatively quickly”, deputy national security adviser Elizabeth Sherwood-Randall said.
“Right now, there is not a supply shortage.”
The pipeline was idle for the third consecutive day on Monday, as fuel suppliers increasingly worried about the possibility of petrol and diesel shortages across the east coast of the US.
Colonial Pipeline said on Sunday that it was still working on a plan to restart the nation’s largest fuel pipeline and would restart it when it was “safe to do so, and in full compliance with the approval of all federal regulations”.
The company said on Monday that it expected the pipeline to be “substantially” back in operation by the end of the week.
The attack came as the energy industry braced for increased demand from summer travellers and the loosening of Covid-19 restrictions nationally.
The White House said on Sunday that it had launched an inter-agency working group to address the breach, including planning for options to lessen the effects on the US energy supply.
The Department of Energy and the FBI said they had been in contact with Colonial Pipeline.
Mr Biden can invoke emergency powers to keep fuel flowing.
On Sunday, he extended the time delivery drivers can spend behind the wheel when carrying fuel, “to avoid disruption to supply”, the Federal Motor Carrier Safety Administration said.
Mr Biden can also waive the Jones Act, which requires ships to be built and flagged in the US and crewed by American workers to transport goods between US ports.
Foreign-flagged tankers could help to fill any gap, either taking fuel from the Gulf Coast to New York or from Europe.
The FBI confirmed on Monday that ransomware made by a group known as DarkSide was used in the attack.
The group posted a message on its dark-web page suggesting an affiliate was behind the attack and that it would vet buyers of its ransomware in the future to “avoid social consequences”.
“We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society.
“From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
While the inquiry remains in its early stages, some evidence has been discovered linking DarkSide to Russia or elsewhere in Eastern Europe.
Updated: May 11, 2021 08:48 AM