Biden Says Russia Has ‘Some Responsibility’ in Colonial Attack

Joe Biden speaks from the East Room of the White House May 10
President Biden speaks from the East Room of the White House on May 10. (Evan Vucci/Associated Press)

[Stay on top of transportation news: Get TTNews in your inbox.]

President Joe Biden said Russia has “some responsibility” to address a ransomware attack that crippled the Colonial fuel pipeline and that he’ll seek global cooperation to combat similar hacks.

Biden stopped short of blaming the Kremlin for the attack, but said “there’s evidence” the hackers or the software they used are “in Russia.”

“They have some responsibility to deal with this,” he told reporters at the White House on May 10, after announcing that “my administration will be pursuing a global effort of ransomware attacks.”



RESOLUTION SOON? Colonial hopes to restore pipeline by end of week

HOS WAIVER: FMCSA relaxes rules in 17 states, D.C.

“We have efforts underway with the FBI and DOJ — Department of Justice — to disrupt and prosecute ransomware criminals,” he said.

Earlier, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said the government is “actively engaged” with Colonial, but that the company hasn’t asked for federal assistance with its cybersecurity. She said the Federal Bureau of Investigation has been probing the ransomware used in the attack since October.

“Transnational criminals are most often the perpetrators of these crimes, and they often leverage global infrastructure and global money laundering networks,” she said, describing the need for an international campaign to combat ransomware.

“To combat the exploitation of virtual currencies that are often used for payment and ransomware, the U.S. Treasury has also been leading international efforts, including driving development and adoption of virtual assets standards,” she said.

But she said the U.S. has no advice to victims of the attacks about whether they should pay ransoms. The attacks are known as “ransomware” because the hackers typically ask for money in exchange for restoring control of companies’ systems.

“We recognize that victims of cyberattacks often face a very difficult situation, and they have to just balance, often, the cost benefit when they have no choice with regard to paying a ransom,” she said.

Asked whether the hackers are connected to a foreign government, Neuberger said that “at this time” they are considered “a criminal actor.”

“Our intelligence community is looking for any ties to any nation-state actors,” she said.

The Colonial pipeline hasn’t suffered damage and can be brought back online “relatively quickly,” Deputy National Security Adviser Elizabeth Sherwood-Randall told reporters in a briefing with Neuberger, adding: “Right now, there is not a supply shortage.”

The pipeline was idled for the third consecutive day on May 10, as fuel suppliers increasingly worry about the possibility of gasoline and diesel shortages across the U.S. East Coast. Colonial Pipeline said May 10 it expects the pipeline to be “substantially” back in operations by the end of the week.

The FBI confirmed May 10 that ransomware made by a group known as DarkSide was used in the attack. The group posted a message on its dark web page suggesting an affiliate was behind the attack and that it would vet buyers of its ransomware in the future to “avoid social consequences.”

“We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

While the inquiry remains in its early stages, some evidence has emerged linking DarkSide to Russia or elsewhere in Eastern Europe.

— With assistance from Jordan Fabian.

Want more news? Listen to today's daily briefing below or go here for more info: