After a ransomware attack on the Colonial Pipeline caused havoc for Americans as gas supplies dried up on parts of the East Coast, the Biden administration is targeting the hackers with a new task force and by urging Russia to act — just as operations are getting back to normal.
“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Biden said Thursday.
He clarified that the U.S. does not believe the attack was coordinated by the Russian government, “but we do have strong reason to believe that criminals who did the attack are living in Russia.”
Meanwhile, the Justice Department is moving forward with measures Biden said are designed to “disrupt their ability to operate” — including a new task force created recently dedicated to prosecuting ransomware hackers.
According to the Wall Street Journal, it will increase training and funnel more resources to identifying hackers while improving intelligence sharing and “links between criminal actors and nation-states.”
The force will also target the ecosystem behind such criminals, with prosecutions, disruptions and curbing services like forums that advertise their services, the Journal reported.
How effective such efforts will be will remain to be seen. In the past, hackers from foreign countries that have attacked U.S. targets have not been formally charged by the DOJ for years — and even then they are rarely brought to justice as they are situated in countries that are U.S. geopolitical foes like China, North Korea and Russia.
The ransomware group deemed responsible, DarkSide, said in a message on Friday that its web servers had been seized, cryptocurrency had been drained from its account and it was shutting down operations. It blamed law enforcement agencies as well as “pressure from the U.S”
DarkSide said it would release decryption tools for companies who had yet to pay ransom in response to the groups’ demands. The website operated by DarkSide ceased operation on Thursday. Multiple outlets reported that pipeline officials paid nearly $5 million in cryptocurrency to the hackers.
Biden also used his speech to push for safeguards for infrastructure more broadly. This week he signed an executive order to improve U.S. cybersecurity — demanding agencies work more closely with the private sector on such matters.
Meanwhile, Colonial Pipeline announced that operations were back to normal.
“Our team members across the pipeline worked safely and tirelessly around the clock to get our lines up and running, and we are grateful for their dedicated service and professionalism during these extraordinary times,” it announced, while also thanking the White House and other government agencies for their help.
The crisis had been an early headache for the Biden administration, which has faced a number of recent hits including a bad jobs report and an ongoing crisis at the southern border.
Republicans have pointed to the administration’s ending of the Keystone XL pipeline and claimed it was a sign that U.S. needs more pipelines, not fewer.
But Transportation Secretary Pete Buttigieg disputed that on Friday.
“It’s really apples and oranges when we talk about the consequences of a cyber attack on one pipeline versus the idea of introducing another one which the president kept his promise that he didn’t think that was a good policy and he acted to keep his promise when he took office,” he told The Washington Post.