Nearly 400 million liters per day of fuel flow through the veins of the gigantic Colonial Pipeline on the East Coast of the United States. But for three days the vital network has been shut down by a cyberattack. Who is behind the “ransomware”? The group DarkSide.

Ransomware, or “data hijacking” in Spanish, is a type of malicious program that restricts access to certain parts or files of the attacked operating system and demands a ransom in exchange for removing this restriction.

It is, in short, a form of cyber extortion, which in this case put the gigantic oil pipeline out of operation. The spotlight is now on the criminal group known as DarkSide, which cultivates a Robin Hood image of stealing from big business and donating a percentage of the loot to charity, two people familiar with the investigation revealed Sunday.

Colonial Pipeline storage tanks in New Jersey. Photo: Reuters

Meanwhile, the closure was extended to a third day, and the government of President Joe Biden indicated that it is working with “all available resources” to restore operations and avoid fuel supply interruptions.

Experts say gasoline prices are unlikely to be affected if the pipeline returns to normal operation in the coming days, but they consider that the incident, the worst cyberattack to date against vital US infrastructure, should serve as a wake-up call to companies about the vulnerabilities they face.

The pipeline, operated by Colonial Pipeline, a Georgia-based company, carries gasoline, diesel and jet fuel from Texas to the northeast of the country. It delivers almost 45% of the fuel that is consumed on the East Coast, according to the company.

A police officer guards the entrance to Colonial Pipeline Co. Photo: Bloomberg

It was affected by what Colonial described as a “ransomware” attack, in which hackers typically encrypt information to block access to computer systems, which paralyzes networks, and then demand a large ransom to free the network.

Colonial Pipeline said Sunday that it is in the process of restoring some of its information technology systems. The company says it remains in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government’s response. The company has not disclosed what was demanded of it or who did it.

DarkSide

However, two people familiar with the investigation, who spoke on condition of anonymity, said that DarkSide was responsible. It is one of the “ransomware” groups that have “professionalized” a criminal sector that has caused tens of billions of dollars in losses to some Western countries in the last three years.

DarkSide claims that it does not attack medical, educational or government targets, but only large companies, and that it donates a portion of the proceeds to charitable organizations. It has been active since August and, like the most powerful ransomware groups, it is known for not targeting organizations in countries that used to belong to the Soviet bloc.

A drone image of the Colonial Pipeline fuel tanks. Photo: EFE

Colonial did not say whether it had made a payment or was negotiating a ransom, and DarkSide neither announced the attack on its deep web site nor responded to requests from reporters from The Associated Press. The lack of details regarding the ransom often indicates that the victim is negotiating or has already made a payment.

Colonial Pipeline said Sunday that it is developing a plan to “reboot the system.” It indicated that its main pipeline remains out of service, but that some of the smaller pipelines are already in operation.

“We are in the process of restoring service to other branches and will fully restore our online system only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.

Commerce Secretary Gina Raimondo said Sunday that “ransomware” attacks are “what companies have to worry about now,” and that she will work “vigorously” with the Department of Homeland Security to address the problem, which she described as one of the government’s top priorities.

“Unfortunately, these kinds of attacks are becoming more frequent,” she said on CBS’s “Face the Nation.” “We must work in partnership with businesses to make networks more secure in order to defend against these attacks.”

By Mae Anderson and Frank Bajak, Associated Press
