Colonial Pipeline said Monday its goal is to substantially restore operational service "by the end of the week" following last week's ransomware attack, which forced the company to shut down operations and has the potential to hamper fuel distribution for the Eastern US.
In a statement, Colonial Pipeline said:
Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time. In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely.
While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach. This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week. The Company will provide updates as restoration efforts progress.
Colonial Pipeline is responsible for supplying 45% of the East Coast's fuel, including gasoline, diesel, jet fuel, home-heating oil, and fuel for the US military.
The FBI confirmed Monday that the Russia-based hacker group DarkSide was behind the attack on Colonial Pipeline. The group runs a ransomware-as-a-service business and sells cybercrime tools to other malicious groups. DarkSide is known for encrypting data for ransom and also for stealing data and using the threat of its exposure as leverage for ransom payouts.
In a press briefing, US President Joe Biden said there is no evidence currently that the Russian government was involved in the attack, though the threat actor's ransomware clearly originates from the country.
On Monday, DarkSide posted a statement to its website that addresses the attack and the Colonial Pipeline shutdown.
"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," the statement said. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."