Russia denies involvement in Colonial Pipeline cyber-attack

Russia’s embassy in the United States has rejected speculation that Moscow had any responsibility for a ransomware cyber-attack that has disrupted activity at the biggest US gasoline pipeline.

President Joe Biden had earlier said there was no evidence thus far that Russia’s government was involved, but said there was evidence that the culprits’ ransomware was in Russia.

The Colonial Pipeline will not resume full operations for several days due to the attack, one of the most disruptive digital ransom schemes ever reported, which has been blamed on a shadowy criminal network called DarkSide.

“The Embassy took note of the attempts of some media to accuse Russia of a cyber-attack on Colonial Pipeline,” the Russian embassy said in a statement on Facebook.

“We categorically reject the baseless fabrications of individual journalists and reiterate that Russia does not conduct ‘malicious’ activity in the virtual space.”

The FBI has attributed the cyber-attack to DarkSide, a group believed to be based in Russia or Eastern Europe. Its ransomware targets computers that do not use keyboards in the languages of former Soviet republics, cyber experts said.

The pipeline shutdown will reduce fuel availability in the near term, push up prices and force refiners to cut production because they have no way to ship the gas.

The incident is being regarded as one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten protections for critical US energy infrastructure against hackers.

Commenting on the attack, Shannan Fort, head of Cyber at McGill and Partners, said: “While Colonial will be working around the clock to remove this ransomware from their systems, the organisation will likely be left with two options. Either work to clear this ransomware from all their systems, a complex, costly process which could take weeks. Or pay the ransom – however with payment, there is no guarantee that the systems, including their data, will be fully restored.

“While we don’t know what they’re demanding, cyber-ransoms can run into the tens of millions of dollars – and they are often paid.

“This should be a wakeup call to organisations all over the world, many of whom are not prepared enough for a similar event. Cyber-attacks aren’t going away, cyber-criminals keep evolving and this means organisations will keep facing huge disruption unless they take real preventative and mitigative measures. There is a clear correlation between being prepared for these sorts of attacks and having to pay ransoms. The more prepared a company, for example with detailed data back-up and continuity measures, the less likely they are to be forced into paying.”

The attack continues to throw the spotlight on an area of cyber-crime which is becoming a huge concern for business.

Only last month, the recently established international anti-cyber-crime coalition, the Ransomware Task Force (RTF), published a series of nearly 50 recommendations in a major bid to combat cyber threats.

The RTF is a US-led team convened in early 2021 with participants from governments, software firms, cyber security vendors, non-profit and academic institutions from across the world.

Members include Microsoft, Amazon, the FBI and the UK’s National Crime Agency.

The aim of the RTF is to develop a robust plan to tackle the global ransomware threat, through deterring and disrupting the actors while helping ensure organisations are equipped to prepare and respond.

Colonial moves 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and south-eastern United States.

Its 5,000 mile (8,850 km) network serves major US airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest by passenger traffic.