Colonial Pipeline attack: US officials believe Russia arrested hacker responsible

It appears to represent a rare example of cooperation between the United States and Russia against a major cybercrime group, following direct appeals from President Joe Biden to Russian President Vladimir Putin.

A cyberattack on Colonial’s pipeline in May prompted the company to preemptively shut down fuel distribution operations, leading to widespread shortages at gas stations along the East Coast.

The official spoke to reporters after Russia’s FSB intelligence agency said on Friday that it had detained, at the request of US authorities, several people linked to REvil, a type of ransomware that has cost US companies millions of dollars.

The United States and Russia do not have an extradition treaty. While Russian authorities have said those arrested will be tried, the extent to which that will happen is unclear.

The FSB said that Russian authorities have confiscated millions of dollars, raided the homes of 14 people and detained an unspecified number of people linked to the so-called REvil ransomware. REvil was used in devastating hacks of the largest US meat supplier in May and US software provider Kaseya in July, with the latter infecting as many as 1,500 companies worldwide, US officials previously said.

The FSB announcement comes after a week of talks between the United States, its European allies and Russia, which failed to achieve a breakthrough over the tens of thousands of troops that Russia has amassed near the Ukrainian border.

“In our opinion, this is not related to what is happening with Russia and Ukraine,” the senior administration official said.

But some cybersecurity analysts have pointed to the timing of the FSB’s announcement, which comes at a time when the United States has threatened to impose severe sanctions on Russia if it invades Ukraine.

“This is Russian ransomware diplomacy,” Dmitri Alperovitch, a cybersecurity expert and chairman of the non-profit company Silverado Policy Accelerator, told CNN. “It is a signal to the United States: If you do not enact tough sanctions against us because of the invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.”

