A criminal group originating from Russia named "DarkSide" is believed to be responsible for a ransomware cyberattack on the Colonial Pipeline, according to a former senior cyber official.
DarkSide typically targets non-Russian speaking countries, the source said. The attack has led the White House to form an interagency working group over the weekend to prepare for various scenarios, including whether additional steps need to be taken to mitigate any potential impact on fuel supply, a White House official said Sunday.
Bloomberg and The Washington Post have also reported on DarkSide’s purported involvement in the cyberattack.
Colonial Pipeline Company said Sunday it is working to develop a restart plan for its pipeline system, which was temporarily shut down to contain the threat.
The company’s main lines remain offline, but some smaller lines between terminals and delivery points are now operational, the company said in a statement Sunday, adding that it "will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations."
The Department of Energy is leading the federal government response, according to the company, which was also engaged with the FBI and Department of Homeland Security.