The FBI issued a statement on Monday attributing the cyberattack on Colonial Pipeline’s networks to the ransomware group called Darkside.
The bureau said it was notified of a network disruption at Colonial Pipeline on Friday and that it continues to work with government partners and the company on the investigation with regard to the breach. Nextgov reported that Colonial Pipeline is working on a “system restart plan.”
“While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” Colonial Pipeline said in a statement obtained by the publication.
The White House also established an interagency task force led by the Department of Energy to respond to the cyber breach at Colonial Pipeline, according to Nextgov.
Liz Sherwood-Randall, homeland security adviser to the president, said in a press briefing that the task force also includes the FBI, Cybersecurity and Infrastructure Security Agency, Department of Transportation’s Pipeline and Hazardous Materials Safety Administration, the departments of Defense and the Treasury and other agencies.
Anne Neuberger, deputy national security adviser for cyber and emerging technology and a 2021 Wash100 Award winner, said the ransomware used in the attack is a known variant and that the intelligence community is investigating potential links to nation-states.