North Fulton County

FBI confirms criminal gang responsible for ransomware attack on gas pipeline

ALPHARETTA, Ga. — The FBI has confirmed that a criminal gang known as DarkSide is responsible for a cyber attack targeting the country’s largest fuel pipeline system.

Colonial Pipeline, which is based in Alpharetta, had to shut down many of its operations due to the attack. But it says its operations may be back up soon.

Ransomware attacks typically lock up computer systems by encrypting data, paralyzing networks, and then demanding a large ransom to unscramble it.

[RELATED: AAA says prices at the pump are likely to increase starting this week]

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation,” the FBI said in a statement Monday.

DarkSide cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation told The Associated Press on Sunday.

Experts say this is the worst cyberattack to date on critical U.S. infrastructure.

[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]

On Sunday, Colonial Pipeline said it was actively in the process of restoring some of its IT systems. It says it remains in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government response. The company has not said what was demanded.

Atlanta emergency officials warned that the attack could cause some disruption to gas supply in Georgia, though major shortages are not currently anticipated.

[RELATED: How could pipeline shutdown impact gas supply, pricing in Georgia?]

On Monday, Colonial Pipeline said it hopes to “substantially” restore operational service by the end of this week.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a news release.


On Sunday, Colonial Pipeline said it is developing a “system restart” plan. It said its main pipeline remains offline but some smaller lines are now operational.

AAA said gas prices have risen by six cents since last week due to the attack and may hit an all-time high on Monday.

[SIGN UP: WSB-TV Daily Headlines Newsletter]

Comments on this article