FBI says Darkside hacking group responsible for pipeline cyberattack

The FBI on Monday blamed a hacking group for a cyberattack that took down the main pipeline carrying gas to the densely populated East Coast, provoking worries about the vulnerability of critical systems. The law enforcement agency, which is investigating the May 7 hack, pinned responsibility on Darkside, a group that reportedly develops ransomware and sells it to other outfits.  

"The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks," the agency said in a statement. "We continue to work with the company and our government partners on the investigation."

Colonial Pipeline, which operates pipes that carry refined petroleum products like gas and diesel for cars and trucks, jet fuel, heating oil for homes and fuel for the military, halted all pipeline operations after the hack. It also took "certain systems offline to contain the threat." 

The pipeline remained closed on Monday, but the company said in a statement that it's aiming for "substantially restoring operational service by the end of the week."

The shutdown increases alarm about cyberattacks on key infrastructure systems amid the use of ransomware in criminal activities. In ransomware schemes, attackers use code to seize control of a computer system and then demand money to unlock it. The worldwide WannaCry ransomware attacks in 2017, for instance, locked up computer systems at hospitals, banks and phone companies. And city governments in the US, including Baltimore's, have been hobbled by ransomware assaults as well.

Attacks like the one on Colonial also worry observers concerned about cyberwarfare tactics such as Russia's shutdown of part of Ukraine's power grid in 2015, and reports that a Russian government-sponsored group called Dragonfly or Energetic Bear gained access to control rooms of US electric utilities in 2017. The US military has also reportedly aimed cyberattacks at Russia's electrical grid and Iran's missile systems.

More recently, fears about Russian cyber-espionage were stoked by the massive SolarWinds hack, which used tainted software from the IT management company to penetrate multiple US federal agencies and at least 100 private companies. In April, US President Joe Biden signed an executive order imposing a range of retaliatory measures against Russia in the SolarWinds exploits.

Colonial connects refineries in the Gulf Coast and elsewhere with customers in the Southern and Eastern United States. Its pipeline system covers more than 5,500 miles and carries more than 100 million gallons of fuel per day, making it the biggest refined products pipeline in the US, according to the company.