A relatively new Russian criminal organization known as DarkSide may be behind the recent ransomware attack against the Colonial Pipeline, two sources familiar with the matter told NBC News on Sunday.
Operated by the Georgia-based Colonial Pipeline Co., the Colonial Pipeline runs from Texas to New Jersey, transporting 45 percent of the East Coast's fuel supply. It was shut down on Friday after Colonial Pipeline learned it was the target of a ransomware attack, and on Sunday, the company said its main lines are still not operating and the full system will be "back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations."
During an appearance on Sunday's Face the Nation, Commerce Secretary Gina Raimondo said the White House is assisting Colonial Pipeline as it works to restart its systems, and lamented that ransomware attacks are "unfortunately" becoming "more frequent. They're here to stay." A White House official told NBC News the Department of Energy is in charge of the government's response to the Colonial Pipeline cyberattack, and different agencies are planning for scenarios where the United States' fuel supply is targeted.
Dmitri Alperovitch, co-founder and former chief technology officer of the cyber security firm CrowdStrike, told NBC News that if the cyberattack was plotted by a Russian group, "whether they work for the state or not is increasingly irrelevant, given Russia's obvious policy of harboring and tolerating cyber crime."