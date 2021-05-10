(Reuters) – The White House was working closely with the main U.S. fuel pipeline operator Colonial Pipeline on Sunday to help it recover from a ransomware attack that forced the company to shut down a critical fuel network supplying Populated eastern states.

The attack is one of the most disruptive digital ransom programs reported and prompted U.S. lawmakers to tighten protections for critical U.S. energy infrastructure against hacking attacks.

Commerce Secretary Gina Raimondo said repairing the pipeline was a top priority for the Biden administration and that Washington was working to avoid more serious fuel supply disruptions by helping Colonial restart the most. quickly possible its pipeline network of more than 5,500 miles (8,850 km) from Texas to New Jersey.

It’s an all hands on deck effort right now, Raimondo said on the CBS Face the Nation show. We are working closely with the company, national and local authorities, to ensure that they return to normal operations as quickly as possible and that there are no disruptions in supply.

Colonial said on Sunday that its main fuel lines remain offline, but some smaller lines between terminals and delivery points are now operational. Neither Raimondo nor the company gave an estimate for a full restart date and Colonial declined further comment on Sunday.

U.S. gasoline futures jumped more than 3% to $ 2.217 per gallon, the highest since May 2018, as trading opened for the week and market participants responded at closing.

Colonial transports approximately 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.

Its extensive pipeline network serves major US airports, including Atlantas Hartsfield Jackson Airport, the busiest in the world for passenger traffic.

A spokesperson for Charlotte Douglas International Airport said the airport has a supply and is monitoring the situation closely, adding that the complex is supplied by another major pipeline as well as Colonial.

Retail fuel experts, including the American Automobile Association, have said that a multi-day outage could have significant impacts on regional fuel supplies, especially in the southeastern United States.

During previous colonial blackouts, retail prices in the southeastern states rose dramatically.

The boards of governors of several of the US states most vulnerable to fuel shortages – including Tennessee, Georgia and Maryland – were not immediately available for comment.

SUSPECTED CYBERCRIMINALS

While the US government investigation is in its early stages, a former US official and three industry sources said the hackers were suspected of being a professional cybercrime group called DarkSide.

DarkSide is one of many ransomware gangs extorting victims while avoiding targets in post-Soviet states. Groups have access to private networks, encrypt files using software, and often steal data.

They demand payment for decrypting files and are increasingly asking for extra money not to post stolen content.

During the colonial attack, hackers took more than 100 gigabytes of data, according to a person familiar with the incident.

Holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm in Woodbridge, New Jersey, USA in an undated photograph. Colonial Pipeline / Document to be distributed via REUTERS

As the FBI and other government agencies worked with private companies to respond, the cloud computing system used by the hackers to collect the stolen data was taken offline on Saturday, the person said.

Colonial data did not appear to have been transferred from this system anywhere else, which could limit the leverage of hackers to extort or further embarrass the company.

Cyber ​​security firm FireEye is among those facing the attack, industry sources said. FireEye declined to comment. Colonial said he was working with a prominent third-party cybersecurity company, but did not name the company.

Messages left with DarkSide hackers were not immediately returned. The group’s dark website, where hackers regularly post victim data, made no reference to Colonial Pipeline.

Colonial declined to say if the DarkSide hackers were involved in the attack, when the breach occurred, or what ransom they demanded.

BIDEN BRIEFED ON HACK

President Joe Biden was briefed on the cyberattack on Saturday morning, the White House said, adding that the government was working to help the company resume operations and prevent supply disruptions.

US Senator Bill Cassidy, a Republican from Louisiana who sits on the energy committee, said lawmakers were prepared to work more with private critical infrastructure companies to guard against cyber attacks.

The implication of this, for our national security, cannot be overstated. And I promise you, this is something Republicans and Democrats can work on together, he told NBCs Meet the Press.

Another pipeline serving the same areas carries a third of what Colonial does. Any prolonged outages would force tankers to carry fuels from the US Gulf Coast to ports on the East Coast.

The Federal Motor Carrier Safety Administration issues a temporary hours-of-service exemption to truckers transporting refined products to 17 states on the south and east coast, including Alabama, Delaware, Florida, Georgia, New Jersey and New York.

Complicating the fallback plans, an industry source familiar with the federal response, said was that the ranks of tanker drivers for major trucking companies, which could absorb some of the pipeline’s volume, fell by 25 % or more because of coronavirus infections.

Oil refining companies contacted by Reuters over the weekend said their operations had not yet been affected. Some were struggling to find alternative transportation for customers.

The Georgia-based private company is owned by CDPQ Colonial Partners LP, IFM (US) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors LP, Koch Capital Investments Company LLC and Shell Midstream Operating LLC.