The Colonial Pipeline on Wednesday announced that it had no plans to pay to have its stolen data decrypted, and is instead working with cybersecurity firm Mandiant to restore and rebuild its data systems.
Republicans have warned US President Joe Biden that his administration needs to take the pipeline cyberattack very seriously. Biden addressed concerns on Monday, revealing that his administration would take additional steps, which include coordinating with the Federal Bureau of Investigation (FBI), as well as the US Departments of Defense and Homeland Security.
Biden touched on the cyberattack during a Wednesday address in which he was quoted as saying that there would be good news coming within the next 24 hours. Operators of the pipeline subsequently announced that they would be restarting operations.
However, officials have also warned that it will take “several days” before the pipeline resumes normal service.
The DarkSide group that attacked the pipeline operates under a ransomware-as-a-service (RaaS) business model, and first surfaced on a Russian-language hacking forum in August 2020. DarkSide and its affiliates have launched a global hacking spree affecting organizations in more than 15 countries.
On Wednesday, DarkSide posted on its site that it was responsible for a cyberattack targeting three more companies, including a US-based tech company, a renewable energy company in Brazil and a construction company in Scotland.
The group also announced on Monday that it was not associated with any government and would vet each target it goes after in order to avoid social consequences. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a Joint Cybersecurity Advisory (CSA) on Tuesday providing details on DarkSide and offering advice for preventing the ransomware threat.
The latest development comes as the nation’s capital has recently been the target of cyberattacks by another ransomware group known as Babuk, which hacked the Metropolitan Police Department last month. The group published the data of over 20 personnel early Wednesday.