Biden: No evidence Russian government is involved in Colonial ransomware attack
At a press conference today, President Joe Biden said the US intelligence community has no evidence that the Russian government had any kind of involvement in the ransomware attack that crippled one of the US' largest fuel supply pipelines last week.
"So far, there is no evidence from our intelligence people that Russia is involved, though there is evidence the actors, the ransomware, is in Russia," President Biden said at the end of a daily press conference today, shortly after the Russian government issued a similar statement.
The president's statement came hours after the FBI formally blamed the attack on Colonial Pipeline on a ransomware gang known as Darkside.
The group operates a so-called Ransomware-as-a-Service platform, which it advertises on underground Russian-speaking hacking forums.
Security researchers have long believed the group is based either in Russia or in a former Soviet state, as its ransomware code will refuse to run on systems located in nations of the former Soviet bloc, a common configuration for malware coded by Russian hackers.
The attack on Colonial Pipeline, which has shut down fuel supply to most US East Coast states, has again reignited the conversation about how Russia provides a safe haven for criminal groups as long as they don't attack Russians and local companies.
Furthermore, US officials have previously accused multiple Russian intelligence agencies of recruiting criminal hackers for cyber-espionage operations, which muddied the waters when it came to determining the real culprit and reasons behind the Colonial incident.
"They [Russia] have some responsibility to deal with this," President Biden said today.
It is unclear what President Biden meant or wants from the Kremlin.
US officials had long tried to get Russian law enforcement agencies to arrest Russian hackers with no success and only managed to arrest Russian cybercriminals only when they traveled or vacationed outside the country, with the help of other cooperating countries.
Earlier today, the Darkside gang published a message on its dark web portal, iterating that the attack had no political connotations and that they were just trying to extort a large corporation for money.
DarkSide #ransomware Leaks Press Center: pic.twitter.com/NNmv0UphQw
— (@ddd1ms) May 10, 2021
President Biden's statement today comes to confirm assessments from private cybersecurity and threat intelligence companies, which have advised against attributing the attack to Kremlin, knowing that the Darkside group has long and solely operated with criminal profits in mind.
With the Colonial Pipeline ransomware attack expected to cause huge gas shortages across the US East Coast, many expect the Biden administration to aggressively crack down on ransomware operators.
The White House even has the perfect framework for this as, last month, a coalition named the Ransomware Task Force submitted an 80-page report to the Biden administration with suggestions on how the US could deter and go after ransomware gangs.
BREAKING: Early reports indicate trouble spots for gas outages, VA reporting 5% of stations without gasoline and rising after just 2 hours of reporting.
— Patrick De Haan (@GasBuddyGuy) May 11, 2021
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.