Russia has emphatically denied any involvement in the ransomware attack that crippled the U.S. Colonial Pipeline, forcing the company to shut down operations and prompting the Biden administration to issue an emergency declaration on Sunday.
The pipeline, which stretches more than 5,500 miles and carries 45 percent of the East Coast’s supply of diesel, petrol and jet fuel, was taken offline over the weekend, disrupting fuel supply across eastern parts of the country and pushing prices up.
The company was forced to take IT systems offline and shut down operations on Friday last week as it announced it had hired a third-party cybersecurity firm to investigate the targeted ransomware attack.
Hacker group DarkSide has since claimed responsibility for the attack, even issuing an apology, saying its goal was not in “creating problems for society” but “to make money.” However, many have speculated Russian involvement in the hack.
Addressing reporters on Tuesday, Kremlin Spokesman Dmitry Preskov denied any such allegations. “Russia has nothing to do with these hacker attacks, nor with the previous hacker attacks,” Preskov said, as reported by Russian news agency TASS. “We categorically reject any accusation against us.”
A number of cybersecurity researchers, including firms contacted by BBC News, speculated that the cybercriminal gang could be Russian, as their software avoids encrypting any computer systems where the language is set as Russian.
During a White House briefing on Monday, President Joe Biden said that although U.S. intelligence had found no evidence to link the attack with the Russian government, he believed the country had “some responsibility to deal with” the issue since some evidence did indicate that the ransomware may have originated in Russia.
Ransomware attacks typically involve a hacker taking control of a computer system and installing software that requires the user to pay a fee before their computer system is returned to them.
“I’m going to be meeting with President Putin and so far there is no evidence, based on our intelligence people, that Russia is involved,” Biden said. “Although, there’s evidence that the actors’ ransomware is in Russia, they have some responsibility to deal with this.”
However, Preskov hit back saying the U.S. is “refusing to cooperate” to counter cyber-threats.
“We can only regret that the U.S. is refusing to cooperate with us in any way to counter cyber-threats,” Preskov said. “We believe that such cooperation – both international and bilateral – could indeed contribute to the common struggle against this scourge [known as] cyber-crime.”
Hacking group DarkSide described themselves as “apolitical” in a statement posted to the dark web on Monday.
“We are apolitical, we do not participate in geopolitics, [you] do not need to tie us with a defined government and look for … our motives,” the group reportedly wrote. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
DarkSide is a relatively new group that, since August 2020, has used ransomware cyberattacks to hack various companies in the U.S. and Europe. They have attempted to extort companies with threats, for instance, of leaking personal data. The group claims to give part of the money it makes to charity organizations.