Colonial Pipeline attack: US officials believe Russia arrested hacker responsible
It appears to mark a rare instance of US-Russian cooperation against a major cybercrime group, following direct appeals from President Joe Biden to Russian President Vladimir Putin.
The cyberattack against Colonial Pipeline in May prompted the company to preemptively shut down its fuel distribution operations, leading to widespread shortages at gas stations along the East Coast.
The official spoke to reporters after Russia’s FSB intelligence agency said Friday that, at the behest of US authorities, it had detained multiple people associated with REvil, a type of ransomware that has cost US firms millions of dollars.
The US and Russia do not have an extradition treaty. While Russian authorities said those apprehended would be prosecuted, the extent to which that will happen is unclear.
The FSB said Russian authorities had seized millions of dollars, raided the homes of 14 people and detained an unspecified number of people connected with the so-called REvil ransomware. REvil was used in damaging hacks on a top US meat supplier in May and US software provider Kaseya in July, with the latter infecting up to 1,500 businesses around the world, US officials have previously said.
The FSB’s announcement follows a week of talks among the US, its European allies and Russia that failed to reach a breakthrough over the tens of thousands of troops Russia has amassed near Ukraine’s border.
“In our mind, this is not related to what’s happening with Russia and Ukraine,” the senior administration official said.
But some cybersecurity analysts pointed to the timing of the FSB announcement, which comes as the US has threatened severe sanctions on Russia if it invades Ukraine.
“This is Russian ransomware diplomacy,” Dmitri Alperovitch, a cybersecurity expert who is chairman of the non-profit Silverado Policy Accelerator, told Fintech Zoom. “It is a signal to the United States: If you don’t enact severe sanctions against us for invasion of Ukraine, we will continue to cooperate with you on ransomware investigations.”