Cyber experts warn $5M ransom payment to DarkSide hackers will encourage MORE ransomware attacks on US: Biden says FBI cleared Putin of involvement but admits group IS in Russia

  • Security experts and members of Congress are expressing dismay at reports that Colonial paid ransom
  • New report says Colonial did meet $5M ransom demand made by DarkSide ransomware gang 
  • Biden declined to comment on ransom and said the hackers will be prosecuted 'to the full extent of the law' 
  • President said FBI does not believe Russian government was responsible, but that hackers live in Russia
  • Colonial Pipeline has begun a system restart that will take several days to restore normal operations
  • Key fuel pipeline was taken offline last week by ransomware attack from Russia-linked hackers
  • On Thursday afternoon, 73% of gas stations in Washington, DC were dry as outages continued
  • In North Carolina, 68% were offline and half of stations in Georgia, Virginia and South Carolina were dry 
  • Station outages spread from New Jersey to Mississippi, and national gas prices rose to $3.028
  • Across the affected region, more than 10,000 gas stations were out of service 
  • Analysts say that it could take several weeks for the fuel distribution system to return to normal 
  • Gas travels through the pipeline at just 5mph, meaning it takes two weeks to travel the entire length
  • Biden orders creation of cyber review board and new software standards for government agencies 


President Joe Biden refused to comment on Thursday when asked about the ransom payment


National security experts and members of Congress are expressing alarm that Colonial Pipeline paid a reported $5 million ransom to Russia-linked hackers that held the key fuel pipeline hostage, saying it will only inspire more attacks on critical infrastructure. 

'If Colonial has indeed paid, it unfortunately puts other US critical infrastructure providers even more in the crosshairs than they were before,' Brett Callow, a threat analyst with Emsisoft, told DailyMail.com on Thursday. 

'Like legit businesses, criminal enterprises do things that have been proven to work and, if infrastructure attacks work, they'll do more. Rinse and repeat,' he added.  

The White House has distanced itself from the ransom decision, referring all questions on the subject to Colonial, and President Joe Biden refused to comment on Thursday when asked about the ransom payment.

The FBI consistently discourages companies and individuals from meeting criminal ransom demands, saying that it encourages further attacks. 

Though Colonial has begun a system restart, on Thursday afternoon, a staggering 73 percent of gas stations in Washington DC were dry. In North Carolina, 69 percent were offline and half of all stations in Georgia, Virginia and South Carolina were dry, according to GasBuddy. 

The outages still spread from New Jersey to Mississippi with more than 10,000 gas stations offline, and the national average price of gas rose to $3.028, the highest level since 2014, according to the AAA Gas Price Index. 

Republicans in Congress are expressing fury at Colonial for reportedly meeting the extortion demands of the Russia-linked hacking syndicate DarkSide.

'The U.S. Government and U.S. companies should not pay ransoms to terrorists, as this only emboldens terrorist organizations and makes Americans the target of future attacks,' Rep. Bruce Westerman, an Arkansas Republican, said in a statement.

'Terrorist organizations should be met with the full force of the U.S. Government and the message should be unequivocally understood: America does not bow to terrorists,' he added. 

DarkSide, which emerged last summer and targets a wide range of U.S. companies for extortion, has not been officially designated a foreign terrorist organization by the State Department. 

'The Colonial Pipeline is back online, but while we fill our cars with gas, the hackers lined their pockets with ransom money,' tweeted Rep. Madison Cawthorn, a freshman Republican from North Carolina, the state hardest-hit in the fuel crisis. 

'American infrastructure should not be some stagecoach to be held up at gunpoint by foreign hackers. We need answers. This can never happen again,' he added. 

Vehicles wait in lines at the Costco in Raleigh, North Carolina on Thursday. As the crisis entered its seventh day, fuel headaches continued for motorists in the South even after the Colonial Pipeline restarted operations


DarkSide's payment portal for hacking victims is seen above. The criminal syndicate charges an extra 20% for payments in Bitcoin, which is harder to launder than alternative Monero (XMR), suggesting Colonial paid roughly an extra $830,000


DarkSide finds vulnerabilities in a network, gains access to administrator accounts and then harvests data from the victim's server and encrypts it. The software leaves a ransom note text file with demands (pictured above)


Biden said the FBI does not believe Russian President Vladimir Putin was responsible for the ransomware attack that paralyzed the key gas pipeline and spurred fuel shortages across the South.

'We do not believe the Russian government was involved in this attack. But we do have strong reason to believe that the criminals who did this attack are living in Russia,' Biden told reporters on Thursday, citing an FBI report on the cyberattack.

Price gougers caught charging up to $9.99 a GALLON in crisis 

An unidentified gas station in North Carolina is seen in a photo posted this week


Amid the fuel crunch, gas stations have been spotted charging up to $9.99 a gallon in a price gouging move.

While the national average price of gas is up to $3.03, the highest since 2014, some unscrupulous stations have taken advantage of the crisis by jacking up prices. 

Photos posted to social media and sporadic reports suggest some stations were charging nearly $10 a gallon.

Most states have laws in effect restricting price increases to a reasonable percentage in the crisis.  

In remarks on Thursday, Biden warned gas stations against price gouging, saying 'nobody should be using this situation for financial gain.'


Biden said the FBI believed Putin was not directly involved in orchestrating the attack, though the U.S. president vowed that the criminals responsible would be prosecuted 'to the full extent of the law'.

'We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,' he said.

Asked if he had been briefed about reports that Colonial Pipeline paid off the hackers to regain control of their systems, Biden said: 'I have no comment on that.'  

The pipeline operator Colonial paid the hackers nearly $5 million in untraceable cryptocurrency, contradicting earlier reports that the company had no intention of meeting the criminal gang's extortion demands, two people familiar with the transaction told Bloomberg.  

The ransom was paid off just hours after the attack commenced last week, the people said, yet the pipeline remained offline for another six days, triggering severe gas shortages, panic buying and chaos across the South. 

The decryption key provided by the hackers was so slow the company continued using its own backups to help restore the system, one person said. 

As well, the 40-year-old pipeline is said to maintain a complex IT infrastructure that includes antiquated systems which have been 'bolted on top' of each other over the years.

On its payment portal, DarkSide promises its victims: 'Don't worry, we are good decryption specialists.' 

The extortion payoff was made in Bitcoin, according to New York Times reporter Nicole Perlroth.

DarkSide charges victims a 20 percent premium for payments made in Bitcoin versus the alternative cryptocurrency Monero, which is easier to launder, suggesting that Colonial paid roughly an extra $830,000 to quickly end the attack. 

John Catsimatidis, the billionaire grocery chain owner and radio personality, told Fox Business Network that he heard Colonial paid a ransom of $4 million, and called the hackers 'terrorists'. 

In his remarks, Biden said his administration has taken 'extraordinary measures' such as relaxing trucking rules that had helped fill the tanks of 5 million vehicles.

On Wednesday night, Biden also waived the Jones Act, which restricts transfers between U.S. ports to American ships, and he said the administration will grant additional waivers if necessary. 

Biden also urged drivers to not get more gas than they need, saying he expects the situation to improve by this weekend and warned gas stations against price gouging.

'Nobody should be using this situation for financial gain, that is what the hackers were trying to do,' he said.

In an update, Colonial predicted all markets it serves would be receiving gas by noon on Thursday


A tanker delivers gas to a gas station in Alexandria, Virginia on Thursday. Drivers from DC to Florida are feeling the after-effects of the Colonial Pipeline shutdown, waiting in long lines, and driving around in search of a station with gas


A long line of motorists wait to fill up as a tanker resupplies a Speedway in Arlington, Virginia on Thursday


Motorists line up for gas at one of the few remaining gas stations that still has fuel in Arlington, Virginia, on Thursday. The Colonial Pipeline network has resumed fuel deliveries, but gas stations up and down the east coast were still facing shortages


Colonial has begun to slowly restart the nation's largest fuel pipeline, but it will take several days for the 5,500 mile pipeline network to return to normal operations, Colonial said, even as motorists in southeastern states jammed stations seeking fuel. A return to ample supplies could take two weeks, analysts said.

Gas travels through the pipeline at just five miles per hour, meaning it will take two weeks to reach New York once flow is restored from the Texas refining hub, according to Bloomberg. Diesel and jet fuel take even longer.

How long will it take before the situation is normal in my state? 

GasBuddy analyst Patrick De Haan provided these estimates of how long it will continue to be a 'headache' to buy gas in each affected state.

Alabama, Delaware, Mississippi, West Virginia: 2-5 days of headaches if you need fuel

DC, Florida, Maryland, Tennessee: 5-12 days of headaches

Georgia, North Carolina, South Carolina, Virginia: 7-14 days of headaches


Colonial said in an update on Thursday: 'By mid-day today, we project that each market we service will be receiving product from our system.'  

The shutdown halted 2.5 million barrels per day of shipments of gasoline, diesel and jet fuel last Friday after the most disruptive cyberattack ever on U.S. energy infrastructure, causing chaos across the South and spiking gas prices nationwide.

Though Colonial has begun its system restart, relief will not be immediate for millions of frustrated motorists, and the pipeline operator warned of possible 'intermittent service interruptions during the start-up period.' 

GasBuddy analyst Patrick De Haan expects shortages to get worse over the next two days before they get better, tweeting: 'While the Colonial Pipeline is restarting, the [gas station] outage numbers may drift higher over the next 48 hours before then beginning to fall.' 

Initial reports from Reuters and Washington Post claimed that Colonial Pipeline did not plan to pay the ransom demanded by hackers who encrypted data on systems that run the pipeline.

Both the reports claiming that Colonial refused to pay the hackers and Bloomberg and CNBC reports saying that they did pay were based on anonymous sources.

A spokesperson for Colonial did not immediately respond to an inquiry from DailyMail.com on Thursday asking whether the ransom was paid, and has consistently refused to comment on the ransom demand or payment. 

White House Press Secretary Jen Psaki said on Thursday: 'It continues to be the position of the federal government, the FBI, that it is not in the interests of the private sector for companies to pay ransom because it incentivizes these actions.'

House Speaker Nancy Pelosi also said that ransom should not be paid by companies that are the victims of cyber attacks like the one suffered by Colonial Pipeline.

'We don't want people to think there's money in it to threaten the security of a critical infrastructure in our country,' Pelosi told reporters at her weekly press conference on Thursday.

Earlier this week, the White House drew criticism after senior officials broke from the FBI's advice that companies should not pay ransomware demands, saying instead it was a decision for the private sector.

'We recognize that victims of cyberattacks often face a very difficult situation,' Anne Neuberger, deputy national security adviser for cyber, said at a briefing on Monday.

'And they have to just balance off, in the cost-benefit, when they have no choice with regard to paying a ransom.'

The Colonial Pipeline is seen above in blue. Gas travels through the pipeline at just five miles per hour, meaning it will take two weeks to make the 1,600-mile journey to New York once flow is restored from the Texas refining hub


Significant parts of the Southeast are heavily dependent on the Colonial Pipeline (seen in blue) for fuel


Fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station on Thursday outside Washington, DC. The Colonial Pipeline has returned to operations following a cyberattack that disrupted gas supply for the eastern US for days


A government map shows a mishmash of pipelines, petroleum ports and petroleum refineries. The Southeastern area is dependent on the Colonial Pipeline, whereas the Gulf area, the Northeast and the Midwest have other fuel sources


Gas takes two weeks to travel the length of the Colonial Pipeline 

Gas travels through the pipeline at just five miles per hour, meaning it will take two weeks to reach New York from the Texas refining hub once flow is restored, according to Bloomberg.

Diesel and jet fuel, which are thicker and heavier, take even longer to make the roughly 1,600-mile trip.

Gas flows through the system on Line 1 from Houston to a hub in Greensboro, North Carolina.

From Greensboro, a line with capacity for 900,000 barrels a day serves New York Harbor. 

At 5mph, gas in the system would have traveled just 90 miles on Thursday morning, following the restart. 


The FBI has accused a shadowy criminal gang called DarkSide of the ransomware attack. The group, believed to be based in Russia or Eastern Europe, has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies, including an Illinois tech firm.

Russia's embassy in the United States vehemently rejected speculation that Moscow was behind the attack. On Monday, Biden stopped short of blaming the Russian government, but said the criminal hacking gang was believed to be based in Russia. 

A cybersecurity source tells DailyMail.com that the DarkSide group scans targets and does not attack them if their systems use the Russian language. 

Hacker gangs in Russia are believed to operate with the tacit approval of the Russian government, so long as they only target foreign victims. 

On Wednesday, Biden ordered the creation of an air accident-style cyber review board and the imposition of new software standards for government agencies following a spate of digital intrusions that have rattled the United States.

The executive order's initiatives include the creation of an organization that would investigate major hacks along the lines of National Transportation Safety Board inquiries that are launched after plane crashes. They also include the imposition of new security standards for software bought by government agencies.

Colonial said it was working with cybersecurity experts to investigate the attack and had taken additional security measures before beginning the restart. 

The company said its control center is handling the restart of the pipeline, which stretches from refineries on the U.S. Gulf Coast to consumers in Mid-Atlantic and Southeast states. 

The gas supply crunch sparked panic buying in the U.S. Southeast, bringing long lines and high prices at gas stations ahead of the peak summer driving season. 

'Our top priority right now is getting the fuel to the communities that need it,' U.S. Transportation Secretary Pete Buttigieg told reporters.

Fuel stocks in the U.S. Northeast will likely hit five-year lows this week as the restart slowly progresses, said S&P Global Platts analyst Richard Joswick. Full recovery 'will take a couple of weeks at least,' he added.   

A gas station pump in Bethesda, Maryland has a sign stating that the station is out of gas on Thursday


Motorists fill their tanks and jerrycans following a gas delivery to a Speedway gas station in Alexandria, Virginia on Thursday


A note is posted to let motorists know the pumps are empty at a gas station in Arlington, Virginia on Thursday. Widespread station closures have hit the DC area, with half of stations in the US capital dry on Thursday morning


At a Citgo station in East Atlanta, Charles Williams, 66, a local musician, filled his wife's Mini Cooper after seeing people with large jerry cans loading up.

'I wouldn't say I know they're hoarding, but I don't know if they're helping,' he said.

Privately owned Colonial Pipeline opened portions of the line manually in Georgia, Maryland, New Jersey and the Carolinas. It also accepted 2 million barrels of fuel to begin efforts to 'substantially' restore operations by week's end, the company has said. 

Fuel industry representatives urged consumers to stop panic buying. They noted the country has plenty of gasoline supplies and said hoarding is creating shortages in areas not served by the pipeline.

'Retailers right now have sold several days worth of inventory within a few hours,' said Rob Underwood, President of the Energy Marketers of America.

Four southeastern states - Florida, North Carolina, Virginia and Georgia - joined federal regulators in relaxing driver and fuel restrictions to speed deliveries of supplies. Georgia suspended sales tax on gasoline until Saturday. 

Gulf Coast refiners that move fuel to market on the Colonial Pipeline have cut processing. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery, and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant.

Citgo said it was moving products from Lake Charles and 'exploring alternate supply methods into other impacted markets.' Marathon Petroleum said it was 'making adjustments.'

Several airlines have been transporting fuel by truck or fueling planes at destinations rather than at East Coast origins. American Airlines said it would resume on Thursday non-stop service on two long-haul flights out of its Charlotte, North Carolina hub.

Delta Air Lines Chief Executive Ed Bastian said the airline has been told fuel supplies will be available 'hopefully by the end of the week and as long as those predictions come true hopefully we'll be OK.'

A Citgo station is seen out of gas on Thursday in Dallas, Georgia. Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a cyberattack


Pipeline hack sends motorists scrambling for fuel across the South: Scenes of chaos as long lines form and fights break out at the pump

A run on gas following a computer hack of the nation's largest fuel pipeline had North Carolina tow-truck driver Jonathan King worried about whether he could do his job.

'I drive all over the place,' King said at a packed gas station outside Winston-Salem on Wednesday. 'It gets really busy. And yeah, with the fuel going the way it's going, it's going to be very hard for us. Hopefully we'll be able to get through it.'

The cybersecurity attack on the Colonial Pipeline has prompted fuel-hoarding and panic-buying in parts of the Southeastern U.S., striking fear and stress among those who've waited in long lines for gas. And while Colonial initiated the restart of pipeline operations late Wednesday, the company said it will take several days for deliveries to return to normal.

The scene at gas stations was far from typical Wednesday after governors of both North Carolina and Virginia declared states of emergency to help ensure supply and access to gas.

As people in the region emerge from the lockdowns and limitations of the coronavirus pandemic, some feared the prospect of lost wages and missed doctors' appointments. They also worried about canceling plans with family members whom they were only beginning to see again.

Motorists in Knightdale, North Carolina, on the outskirts of Raleigh, traded blows on Tuesday as frustrations boiled over in a long line for gas at a Marathon station
A witness said a woman tried to cut the line for gas, and then screamed obscenities and spit on a man who refused to let her in


Mary Goldburg, 60, of Norfolk, Virginia, said she needs her car for work but also to see her grandchildren - whom she barely got to see last year. Her job includes delivering T-shirts for events and other promotional products.

'I can't get paid until my customers get their products,' said Goldburg as a slow-operating pump filled her tank for more than 20 minutes at a 7-Eleven.

Construction worker Jamar Gatison, 36, was also filling up his tank there Wednesday before he had a doctor's appointment.

'I'm about to run out of gas, so I have no choice,' Gatison said, adding that he is also an Uber Eats driver but wasn't planning on delivering food that night because he didn't want to wait in line again.

Restaurants and bars, which are already struggling to fill job openings, will find themselves particularly squeezed, said Robert McNab, an economics professor at Virginia's Old Dominion University. Some workers may not be able to come to work. And some customers may abandon plans to eat out.

'In all likelihood, these service workers will be impacted most significantly, with rising fuel and food prices eating a larger part of their household budgets and income being reduced this month by the fear-induced shortage of gasoline,' McNab said.

Long lines of cars wait for gas at a Costco in Atlanta on Wednesday morning, as a gasoline shortage across the southern Atlantic seaboard deepens after a Russian-linked cyberattack on a key oil pipeline


The Colonial Pipeline delivers about 45 percent of the fuel consumed on the East Coast. There is no gasoline shortage, according to government officials and energy analysts. But there has been a problem getting the fuel from refineries on the Gulf Coast to the states that need it, and officials have been scrambling to find alternate routes to deliver that fuel.

The distribution problems and panic-buying have been draining supplies at thousands of gas stations. On Wednesday, four to five cars were lined up at each pump at a Circle K in Clemmons, North Carolina, a community southwest of Winston-Salem along I-40.

Detlef Badorrek said he drove to four gas stations before he found one where he could fill up his car. He expressed concern that motorists may become a little more unnerved as the situation extends itself.

'I sense things could go a little bit more desperately as time goes by. So far, it's reasonable,' he said.

But not for everyone, apparently. Two people were charged with assault after a fight over spots in a line at a Marathon gas station in Knightdale, outside Raleigh, on Tuesday afternoon, authorities said.

The man and woman arguing over spots each spat in the other's face before the fight turned physical and a cellphone was damaged, police said.

Video posted on Instagram shows two cars bumped up against each other at a gas station. The woman was charged with simple assault and the man was charged with assault on a female and damage to personal property, police said. Both were cited and released with a pending court date.

A huge line forms for gasoline at Costco on Wendover Avenue in Greensboro, North Carolina, on Tuesday. As the shutdown of a major fuel pipeline entered into its fifth day, efforts are under way to stave off potential fuel shortages


In Walton County, Georgia, paramedic Jeff Lisle had just under a quarter-tank of gas in his Jeep - but no one knew of any stations near his house that had gas. So, he went to his garage and found a small amount in the cans he uses for his lawnmower in case he needed the extra boost to make it to work.

As for the ambulances he works in, 'we have to buy fuel at gas stations like everybody else does,' he said. That means that whenever possible, the ambulances have been stopping to refuel when they're lucky enough to drive past a station with gas.

Along the Appalachian Trail, which stretches from Georgia to Maine, hikers depend on car and van shuttles to access the trail and get supplies.

'Everybody's out here buying from the same gas pumps, so the lines are long, some are out -- you've really got to look for it,' said Ron Brown, who operates Ron's Appalachian Trail Shuttles and often takes hikers from Atlanta's airport into the north Georgia mountains.

But he said that hikers are resourceful enough to get where they need to go.

'It will get rectified because it's a big deal, and everybody needs gas,' he said. 'We'll just make do until it does.'
