US denies disrupting Russian cyber group behind Colonial pipeline hack

The United States did not take action against the cyber criminal group that was behind the ransomware attack on Colonial Pipeline earlier this month, officials told The Washington Post.

Four U.S. officials speaking on the condition of anonymity told the newspaper that military cyber operators did not take steps to disrupt cyber group DarkSide, nor did any other U.S. agency.

The revelation comes after DarkSide said last week it lost access to a public part of its infrastructure due to disruptions from law enforcement, but it did not name a specific agency. The group also cited “pressure from the U.S.” as a reason for disbanding, but did not elaborate.

“In view of the above, and due to pressure from the US, the affiliate program is closed,” the group said. “Stay safe and good luck.”

The Post noted the announcement came shortly after President Biden said Thursday that the U.S. was going to pursue a measure to disrupt the group.

Biden said the government did not believe the Russian government was involved, but that the group was based there.

“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against ransomware networks,” Biden said in part. “We are also going to pursue a measure to disrupt their ability to operate.”

A spokesperson for the Cyber Command told The Post “we don’t comment on cyber planning, intelligence, or operations as a matter of operational security.”

NSA and DOJ had no comment when reached by The Hill. 

The Hill has reached out to the Cyber Command, FBI and NSC for comment. 

The FBI has said that DarkSide was responsible for the hack on Colonial that forced the company to temporarily shutter 5,500 miles of pipeline, causing gas shortages. The company restarted operations last week.

Colonial CEO Joseph Blount told The Wall Street Journal that the company paid the equivalent of $4.4 million in bitcoin on May 7, the day it was attacked, so it could regain access to its systems. 

“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

“But it was the right thing to do for the country,” he added.

Updated on May 20 at 5:44 a.m.