Biden Says Russia Has ‘Some Responsibility’ in Colonial Attack
(Bloomberg) -- President Joe Biden said Russia has “some responsibility” to address a ransomware attack that crippled the Colonial fuel pipeline and that he’ll seek global cooperation to combat similar hacks.
Biden stopped short of blaming the Kremlin for the Friday attack, but said “there’s evidence” the hackers or the software they used are “in Russia.”
“They have some responsibility to deal with this,” he told reporters at the White House on Monday, after announcing that “my administration will be pursuing a global effort of ransomware attacks.”
“We have efforts underway with the FBI and DOJ -- Department of Justice -- to disrupt and prosecute ransomware criminals,” he said.
Earlier, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said the government is “actively engaged” with Colonial, but that the company hasn’t asked for federal assistance with its cybersecurity. She said the Federal Bureau of Investigation has been probing the ransomware used in the attack since October.
“Transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and global money laundering networks,” she said, describing the need for an international campaign to combat ransomware.
“To combat the exploitation of virtual currencies that are often used for payment and ransomware, the U.S Treasury has also been leading international efforts, including driving development and adoption of virtual assets standards,” she said.
But she said the U.S. has no advice to victims of the attacks about whether they should pay ransoms. The attacks are known as “ransomware” because the hackers typically ask for money in exchange for restoring control of companies’ systems.
“We recognize that victims of cyber attacks often face a very difficult situation, and they have to just balance, often, the cost benefit when they have no choice with regard to paying a ransom,” she said.
Asked whether the hackers are connected to a foreign government, Neuberger said that “at this time” they are considered “a criminal actor.”
“Our intelligence community is looking for any ties to any nation-state actors,” she said.
The Colonial pipeline hasn’t suffered damage and can be brought back online “relatively quickly,” Deputy National Security Adviser Elizabeth Sherwood-Randall told reporters in a briefing with Neuberger, adding: “Right now, there is not a supply shortage,”
The pipeline was idled for the third consecutive day on Monday, as fuel suppliers increasingly worry about the possibility of gasoline and diesel shortages across the U.S. East Coast. Colonial Pipeline said Sunday that it was still working on a plan to restart the nation’s largest fuel pipeline and would once it is “safe to do so, and in full compliance with the approval of all federal regulations.”
The company said Monday it expects the pipeline to be “substantially” back in operations by the end of the week.
The attack came as the energy industry braced for stepped-up demand from summer travelers and the loosening of Covid-19 restrictions nationally. The White House said Sunday that it has launched an inter-agency working group to address the breach, including planning for options to lessen the impact on the nation’s energy supply. The Department of Energy and the FBI each said they’ve been in contact with Colonial Pipeline.
Biden can invoke an array of emergency powers to keep fuel flowing. On Sunday, he extended the time delivery drivers can spend behind the wheel when transporting fuel, a move intended “to avoid disruption to supply,” the Federal Motor Carrier Safety Administration said.
The president also has the option of waiving the Jones Act, which requires ships to be built and flagged in the U.S. and crewed by American workers to transport goods between U.S. ports. Foreign-flagged tankers could help fill any gap caused by the pipeline’s crippling, either transporting fuel from the Gulf Coast to New York or from Europe.
The FBI confirmed Monday that ransomware made by a group known as DarkSide was used in the attack. The group posted a message on its dark web page suggesting an affiliate was behind the attack and that it would vet buyers of its ransomware in the future to “avoid social consequences.”
“We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
While the inquiry remains in its early stages, some evidence has emerged linking DarkSide to Russia or elsewhere in Eastern Europe.
©2021 Bloomberg L.P.