The Biden administration says cybercriminals in Russia are suspected in a ransomware attack on a gas pipeline. Yet this hack is very different from another big intrusion blamed on Russia last year.
RACHEL MARTIN, HOST:
Just how vulnerable is American infrastructure to cyberattacks? The hack on a major U.S. pipeline has drawn that question to the fore. The Biden administration says Russian cybercriminals are the likely suspects in the attack that shut down a major U.S. gasoline and jet fuel pipeline to a large portion of the East Coast. Yet this hack is very different from another big intrusion blamed on the Russian government that targeted U.S. government computers last year. NPR national security correspondent Greg Myre is here to explain. Hey, Greg.
GREG MYRE, BYLINE: Hey, Rachel.
MARTIN: OK. So first, just explain this particular attack on the company called Colonial Pipeline. This is a pipeline that supplies almost half the gasoline in the eastern part of the U.S., right?
MYRE: That’s right. And now the FBI says that it’s a ransomware attack carried out by a criminal group known as DarkSide. And President Biden says it looks like they operate from Russia, though he’s not linking it specifically to the Russian government. DarkSide has been very active in recent months. They tend to target big U.S. companies that can pay big ransom. Now, I spoke with Wendi Whitmore at Palo Alto Networks. She says her security firm is dealing with more than 10 separate attacks attributed to DarkSide. And she says they have a very distinct style in their attacks.
WENDI WHITMORE: Once the malware is deployed and systems begin shutting down and the screen comes up that, you know, demonstrates who you’re working with, they give you very nice, clear instructions on where you can go find information to communicate with them.
MARTIN: So then, Greg, do most companies then decide to just pay the ransom?
MYRE: That’s true. Many do. With this particular case with Colonial, we don’t know. They haven’t said whether they paid a ransom or not. But overall, DarkSide and other very skilled cybercriminals have a really high success rate and almost no risk of being punished. However, some companies have backed up their data, so when this happens, they refuse to pay to get their own data back. But in this case, DarkSide will then make, like, a second threat. They’ll say that they’ll release information that they’ve seized to embarrass a company or hurt its reputation or perhaps even tank its stock price. Again, here’s Wendi Whitmore.
WHITMORE: Now we’re going to make you pay because we’re going to release publicly. And in the case of one of our victims, they’re saying, here’s the information. Like, we’re going to release five tranches of information. Here’s what’s in the first batch; here’s second, third, fourth, fifth. So they’re clearly looking to, you know, monetize and find some sort of angles that they can negotiate.
MYRE: So these can be real hardball negotiations that lead to some tough decisions for companies.
MARTIN: But as we noted in the intro, I mean, these kinds of criminal attacks are different from the one that the U.S. blamed explicitly on the Russian government. This is the SolarWind’s attack. Can you explain that?
MYRE: Right. So that was another major breach but with a very different goal. The U.S. intelligence community believes that the Russians broke into U.S. government computers in March of last year. And then they operated with real stealth for months before they were finally detected in December. Now, the prevailing view is this was a Russian intelligence operation. The Russians wanted to vacuum up U.S. government secrets and remain undetected for as long as possible. We should remember Russian President Vladimir Putin is a former spy, and he seems to appreciate all kinds of cyber mischief directed at the U.S. He’s invested heavily in the Russian intelligence service to mess with the U.S. election. But he’s also tolerant, if not supportive, of Russian cybercriminals who inflict pain on the U.S.
MARTIN: So what does the Biden administration do about this?
MYRE: Well, Biden has been teasing his plans to announce his cybersecurity plans, and analysts say when he does so, he’ll really need to present a robust response on both of these fronts.
MARTIN: NPR’s Greg Myre. Thank you, Greg. We appreciate it.
MYRE: My pleasure.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.