By Jeff Martin, Frank Bajak, and Nomaan Merchant

Gas shortages at the pumps have spread from the South, all but emptying stations in Washington, D.C., following a ransomware cyberattack that forced a shutdown of the nation’s largest gasoline pipeline. Though the pipeline operator paid a ransom, restoring service was taking time.

As Georgia-based Colonial Pipeline reported making “substantial progress” in restoring full service, two people briefed on the matter confirmed that the company had paid the criminals a ransom of about $5 million in cryptocurrency for the software decryption key required to unscramble their data network. The people spoke on condition they not be further identified because they were not authorized to divulge the information. Bloomberg first reported the payment.

President Joe Biden, when asked by a reporter on Thursday if he had been briefed about the ransom payment, said “I have no comment on that.”

Biden also said that his administration will try to disrupt the hackers' ability to operate.

The tracking service GasBuddy.com on Friday showed that 88% of gas stations were out of fuel in the nation's capital, 45% were out in Virginia and 39% of Maryland stations were dry. About 65% of stations were without gas in North Carolina, and nearly half were tapped out in Georgia and South Carolina.

Colonial said Thursday that operations had restarted and gasoline deliveries were being made in all of its markets, but it would take “several days” to return to normal, and some areas may experience “intermittent service interruptions during this start-up period.”

“Our current expectation based on the conversations between the company and experts at the Department of Energy is that the vast majority of markets and affected regions are receiving fuel at gas stations for consumers, and will continue to receive more fuel throughout the weekend and into early next week,” White House press secretary Jen Psaki said at a Friday briefing. “Hence, getting us closer to return us back to normal.”

A gas station owner in Virginia said panic buying is the problem.

“It’s like a frenzy,” Barry Rieger, who owns a gas station in Burke, Virginia, told WJLA-TV.

In North Carolina, at least five school systems canceled in-person learning on Friday as the gasoline supply crisis continued. Wake County, with the largest school system in North Carolina, emailed parents citing “the impact of the gas shortage on staffing availability and student transportation.”

Businesses were also feeling the sting.

At Dixie Speedway in Woodstock, Georgia, maintenance and safety vehicles have to be filled up, but “all the gas stations close to us -- within a mile of us -- are out of gas,” said Mia Green, the track’s general manager. She’s heard of racetracks that canceled this weekend's races because crews might not be able to get there due to gas shortages.

Many authorities are warning of the dangers of hoarding gas.

In South Carolina, a woman was severely burned after flipping a car that a deputy tried to pull over for a suspected stolen license plate Thursday night. The fire touched off multiple explosions due to fuel “that she was hoarding in the trunk of the vehicle,” a Pickens County sheriff’s statement said.

In Florida, a 2004 Hummer was destroyed by fire Wednesday shortly after the driver had filled up four 5-gallon (18-liter) gas containers in Homosassa, according to Citrus County Fire Rescue spokeswoman Cortney Marsh. Firefighters doused the blaze and found the melted gas containers. One man was injured, but refused medical treatment, she said.

A cyberattack by hackers who lock up computer systems and demand a ransom to release them hit the pipeline on May 7. The hackers didn't take control of the pipeline’s operations, but Colonial shut it down to prevent the malware from impacting its industrial control systems.

Biden said U.S. officials do not believe the Russian government was involved but said “we do have strong reason to believe that the criminals who did the attack are living in Russia. That’s where it came from.”

Biden has promised aggressive action against DarkSide, the Russian-speaking ransomware syndicate responsible for the attack. The syndicate's public-facing darknet site went offline on Thursday and its administrator said in a cybercriminal forum post that the group had lost access to it.

This does not necessarily mean U.S. or allied cyberjockeys knocked it offline. Cybersecurity experts said that DarkSide, which rents out its ransomware to partners to carry out the actual attacks, could have taken it down to prevent Western law enforcement from tracking down the rest of its infrastructure.

And just because DarkSide’s public-facing structure is offline doesn’t mean its backend operations have been impacted, said Alex Holden, the founder of Hold Security, who closely monitors the cybercriminal underground.

“DarkSide’s main servers are alive,” said analyst Yelisey Boguslavskiy of the cybersecurity firm Advanced Intelligence. While the servers are hidden, encrypted traffic to and from them is being monitored by threat hunters, he said.

DarkSide stole information from Colonial's network prior to locking up the data on Friday. It's not known how long the cybercriminals were inside the network. DarkSide is among the ransomware gangs that employ double extortion, threatening to dump online sensitive data they steal before activating the ransomware. In Colonial's case, that could potentially include data on contracts with suppliers that would be of keen interest to stock and commodities traders.

DarkSide, in fact, recently offered to share data stolen from victims with inside traders.

It would not be surprising if DarkSide were to disappear, experts noted. Ransomware gangs have dissolved and ‘rebranded’ under different names in the past when the heat was on.

The Colonial Pipeline system stretches from Texas to New Jersey and delivers about 45% of the gasoline consumed on the East Coast.

“We are not out of the woods yet, but the trees are thinning out,” Richard Joswick, global head of oil analytics at S&P Global Platts, said.

Gas stations should be back to normal next week if the pipeline restart goes as planned and consumers are convinced they no longer need to panic-buy fuel, Joswick said. Full recovery would take several more weeks, he estimated.

---

Bajak reported from Boston, Martin from Marietta, Ga., and Merchant in Washington. Freida Frisaro in Miami also contributed.
