Biden: Russian Government Not Behind Colonial Pipeline AttackBut President Says Attackers Reside in Russia
President Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. on May 7.
"We do not believe the Russian government was involved in this attack - but we do have strong reason to believe that the criminals who did the attack are living in Russia," Biden said Thursday at a press conference where he discussed the attack and the company's resumption of operations.
Biden, however, declined to comment on a Bloomberg News report that Colonial Pipeline paid the attackers a nearly $5 million ransom.
Bloomberg cited unnamed sources who claim the company paid the ransom on May 7, the day the attack was made public.
Colonial Pipeline did not immediately respond to a request for comment. The company has not revealed details about the attack, including whether it was in contact with attackers or paid a ransom.
DarkSide Ransomware Involved
On Monday, the White House and the FBI said the Colonial Pipeline attackers used DarkSide ransomware. The attack temporarily disrupted the company's ability to deliver petroleum products to a large swath of the East Coast. The company restarted operations on Wednesday (see: Colonial Pipeline Restarts Operations Following Attack).
The DarkSide crime syndicate, which operates as a ransomware-as-a-service operation, blamed the attack on an affiliate, saying in a statement posted on its darknet website, "Our goal is to make money, and not creating problems for society."
Georgia-based Colonial Pipeline Co. connects refineries in the Gulf Coast to customers throughout the southern and eastern U.S. through a pipeline system of more than 5,500 miles. Its pipeline carries gasoline, diesel, jet fuel, home heating oil and fuel for the military. Colonial Pipeline transports about 45% of all the fuel consumed on the East Coast.
Talks With Russia
White House officials have spoken with the Russian government concerning the Colonial Pipeline incident, the president confirmed Thursday, but he offered scant details about the conversation.
"We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks," Biden said.
The Russian government earlier this week denied any connection to the attack.
Biden said the Justice Department's recently activated Ransomware and Digital Extortion Task Force would work to help identify and prosecute the Colonial Pipeline attackers.
On April 15, the U.S. issued sanctions against Russia over the SolarWinds supply chain attack and for meddling in the 2020 election.
On Wednesday, Biden signed an extensive executive order that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's digital infrastructure.
The order covers a wide range of topics, including improving the ability of the public and private sectors to share threat intelligence, modernizing the federal government's approach to cybersecurity and enhancing supply chain security.
The Ransom-Paying Problem
The FBI has repeatedly stated it discourages companies and individuals from paying ransoms. Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said Monday that such decisions are ultimately left to the organization that has been targeted.
"We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data," Neuberger said. "And that is why - given the rise in ransomware and given the troubling trend of [attackers] targeting companies that have insurance - we need to look thoughtfully at this area, including with our international partners, to determine what we do in addition to actively disrupting infrastructure and holding perpetrators accountable to ensure that we're not encouraging the rise of ransom."
Many companies, municipalities and school districts have opted to meet their attackers' demands and pay a ransom to regain control of their data or systems.
In 2019, the Florida cities Lake City and Riviera Beach paid ransoms of $530,000 and $600,000, respectively. The University of Utah paid a $457,000 ransom to stop a hacker from disclosing data stolen in a July 2020 ransomware attack.