An NPR member station
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Major Fuel Pipeline Remains Shut Down From Ongoing Ransomware Attack

AILSA CHANG, HOST:

The White House says it's working closely with a major fuel pipeline operator to restore service that has been shut down since last Friday due to an ongoing ransomware attack. The company, Colonial Pipeline, runs a network that stretches for more than 5,000 miles, from Houston to just outside New York City. It supplies close to half of the refined gasoline used on the east coast of the U.S. For the latest, we're joined now by NPR national security correspondent Greg Myre.

Hey, Greg.

GREG MYRE, BYLINE: Hi, Ailsa.

CHANG: OK, so let's start with the pipeline itself. Where do things stand now with this shutdown?

MYRE: Well, Colonial Pipeline said that after it learned about the ransomware attack last Friday, as a precaution, it took all its pipeline systems offline just to contain the threat, make sure it didn't spread. Now, the company has begun to restore some smaller systems that feed the main pipelines. They did this over the weekend. Today they say they hope to substantially restore systems by the end of the week. We don't know if the company has or will pay the ransom. But generally, that is what happens. And as you noted, these pipelines start in the Gulf outside Houston, Texas. They go east to Georgia, then all the way up the east coast to just outside New York City, going through more than a dozen states.

CHANG: Wow. Will this disrupt the gasoline supply on the east coast or make the price of gas go up?

MYRE: So at a White House briefing today, the official said there is no supply shortage. There's no crisis now. Gas prices are averaging about $3 a gallon across the country. We're not seeing any sharp jumps. Because of the pandemic and reduced driving, there really isn't a supply issue right now. And the FBI has named the group that's responsible. It's known as DarkSide, and it's an organization that the FBI says it's been following since last October. It's believed to be a private criminal group. Its location is not certain, but many analysts say it does look like it could be coming from Russia. And here's what President Biden had to say.

(SOUNDBITE OF ARCHIVED RECORDING)

PRESIDENT JOE BIDEN: There is evidence that the actors' ransomware is in Russia. They have some responsibility to deal with this.

CHANG: OK, so the president is pointing towards Russia, but do we even know if there's any link between this group and the Russian government?

MYRE: So at this point, the government and cyber experts say DarkSide is behaving much more like a criminal group that's just interested in money. It's contacting its victims. It's posting statements on the dark web. In contrast, a government operation might quietly seek intelligence or try to inflict some damage. Now, I spoke about DarkSide with Wendi Whitmore at Palo Alto Networks. She says her cybersecurity firm is currently involved in more than 10 separate cases involving DarkSide.

WENDI WHITMORE: So they're certainly very, very prolific today, and they're quite busy, right? The organizations we have seen them thus far go after most commonly are health organizations or insurance carriers.

MYRE: So a pipeline would be something new for the group, she says. But it is in keeping with a tendency to go after larger companies that can pay larger ransoms. And we should note that Russia has allowed these groups to operate freely as long as they keep their attacks abroad.

CHANG: OK, so there clearly is a known threat here. But where does that leave us? Like, what are private companies and the government doing to stop this?

MYRE: Well, the cyber experts have been literally shouting for years about the risks to critical infrastructure. They say the private companies, like Colonial Pipeline, haven't done enough to protect their systems, and they say the government needs to do more to identify threats and offer clear guidance to the private sector. Now, President Biden is pushing very hard for lots of new infrastructure, but this attack shows the need to protect existing infrastructure.

CHANG: That is NPR's Greg Myre.

Thank you, Greg.

MYRE: My pleasure. Transcript provided by NPR, Copyright NPR.

Greg Myre is a national security correspondent with a focus on the intelligence community, a position that follows his many years as a foreign correspondent covering conflicts around the globe.