
Operations slowly resume after hackers shut down major U.S. pipeline with ransomware attack


Colonial Pipeline says it's slowly bringing its operations back online after a ransomware attack shut down its pipeline that supplies 45% of the fuel consumed on the East Coast. Security experts say ransomware attacks like this pose a growing danger to the country's critical infrastructure. CBS News justice and homeland security correspondent Jeff Pegues joins CBSN to discuss how the Biden administration is planning to respond.

Video Transcript

ELAINE QUIJANO: A ransomware attack forced a vital US pipeline offline over the weekend. The Colonial Pipeline supplies nearly half of the fuel used on the East Coast. And now, the FBI has identified the hacker group behind the attack. CBS News Chief Justice and Homeland Security correspondent Jeff Pegues has the latest.

JEFF PEGUES: Tonight, US officials are pointing the finger at a shadowy Russian cyber hacking group blaming them for Friday's attack that caused nearly half the fuel supply flowing to the Northeast to come to a grinding halt.

JOE BIDEN: We're going to be meeting with President Putin.

JEFF PEGUES: The White House now calling it a criminal act.

JOE BIDEN: So far there is no evidence based on from our intelligence people that Russia is involved. Although, there's evidence that the actors of ransomware is in Russia. They have some responsibility to deal with this.

JEFF PEGUES: The Russian affiliated hacking group known as DarkSide implanted ransomware into Colonial Pipeline's business computers holding their company data hostage. That forced them to shut down 5,500 miles of pipeline that supplies fuel from Texas to New Jersey.

- They ended up locking up the systems, where Colonial can't use them. And they're demanding a multimillion ransom to be able to get access back to that network.

JEFF PEGUES: It's not known whether the company has or will pay that ransom, but the suspension in the pipeline's operations has caused gas prices to tick up across the affected region.

- If this outage goes past the end of the week, prices could spike pretty dramatically.

JEFF PEGUES: The country's largest oil refinery in Texas has scaled back operations. And the shortage of jet fuel could impact several airports if the situation is not resolved soon. In a statement attributed to DarkSide, the group said, our goal is to make money and not creating problems for society. The FBI is urging critical infrastructure companies like Colonial to harden their defenses.

- This was not a nation state attack with sophistication. Ransomware is something that we have been talking about that we know how to prepare for.

ELAINE QUIJANO: And Jeff joins me now with more. So Jeff, this DarkSide group claims it doesn't target certain institutions and says it even gives some of the money it receives from ransoms to charity. So what more do we know about the group and its motivations?

JEFF PEGUES: Well, what they're saying is all PR because law enforcement officials here in the US believe that this is a criminal hacking group. And what they allegedly did in shutting down this pipeline, this is a major problem for US officials. And that's why you have the President today saying that the FBI is investigating this. We know other agencies are involved as well. So this is a serious thing no matter what this hacking group, DarkSide, as it does with the money.

ELAINE QUIJANO: Well, how concerned are US officials, Jeff, about the vulnerability of critical infrastructure to cyber attacks like this or more serious ones?

JEFF PEGUES: Well, listen, this has been a problem, Elaine, for some time. And there has been a lack of focus on keeping critical infrastructure safe as it relates to these cyber attacks. They've been ongoing on critical infrastructure for some time now, but it is something that perhaps the federal government and the American people really haven't been paying attention to.

In the past, we've done reports on dams, on the Eastern seaboard being targeted by hackers. And so there are other targets that these criminal hacking groups go after. And sometimes, the nation states are behind some of this cyber activity. And so critical infrastructure is something that people are concerned about in terms of these cyber attacks and the ransomware attacks. And there are members of Congress saying that this is a wake up call, that this is something that the government really has to pay attention to going forward.

ELAINE QUIJANO: Well, Jeff, is the Biden administration planning any sort of response to the attack on Colonial?

JEFF PEGUES: Well, I think the first step is really getting to the bottom of what exactly happened here. The fact that the FBI came out so quickly today and named DarkSide as the prime suspect says a lot. Because in a lot of these cases, attribution can take months, sometimes longer than that. But in this case, the investigators feel pretty good about what they have in terms of digital evidence tying this criminal activity to this group called DarkSide.

It's a relatively new hacking group according to the people that we've talked to about it. But still, the hacking group has gained a certain amount of notoriety because of some of the tactics that it has used in the past. So there is a concerted effort on the part of law enforcement to get to the bottom of this criminal activity. The question is, what really motivated this group to do it? Was there a nation state involved? Those are just some of the questions that law enforcement will try to answer.

And there are a lot of people who believe the DarkSide is in Russia somewhere. And that says a lot. You know, former government officials have come out to say, something like this couldn't happen. This kind of ransomware attack carried out allegedly by a group called DarkSide that allegedly has a footprint in Russia, this kind of activity could not happen without the blessing of the Kremlin. But that is not something that law enforcement officials are saying just yet. Perhaps, too early for that. But obviously, that's something that they will look into whether this is something that was tied to a nation state as well.

ELAINE QUIJANO: And Jeff, you touched on this a moment ago, but when you look at America's infrastructure, how big of a threat do organizations like this pose to companies and consumers who rely on the products and services that these businesses provide?

JEFF PEGUES: Well, listen, I happen to think that ransomware is one of the undercovered stories of the last five, six years. You know, we used to hear about these ransomware attacks targeting hospitals. And then from there, it progressed to cities. And now, even local police departments are being targeted by ransomware hackers.

And so this is a major problem ultimately, you know, especially when it comes to ransomware attacks on cities, it's taxpayers that end up footing that bill. So this is a serious issue that, again, government officials will have to focus more on because these criminal hacking groups, this is a business model for them. They are making money doing this. And so you can expect that they'll try to do it again and again and again, until they're caught.

ELAINE QUIJANO: Clearly, so many threats on the horizon when it comes to this. Jeff Pegues for us. Jeff, thank you very much.

JEFF PEGUES: My pleasure.