Russia Nabs Colonial Pipeline Hacker In Raids On Ransomware Ring, U.S. Says


Russia’s Federal Security Service (FSB) arrested a hacker believed to be responsible for a May cyberattack on the Colonial Pipeline, a fuel pipeline running from Texas to New York, the Biden administration confirmed Friday.

Key Facts

The FSB raided the homes of 14 people, seized millions of dollars and detained an unspecified number of people connected to REvil, a Russia-based ransomware operation, CNN reported.

Russian authorities said that the people apprehended in the raids would be prosecuted, CNN reported.

The arrests came after months of talks between the Biden administration and Russian officials, and were the result of what the FSB called “the appeal of competent U.S. authorities,” Politico reported.

Key Background

Ransomware attacks have become an increasingly urgent problem for businesses, with up to 1,500 around the world targeted by the REvil ransomware group alone, CNN reported. On May 7, the Colonial Pipeline was shut down to contain the effects of a ransomware attack by a hacker group calling itself DarkSide. Colonial Pipeline paid the hackers about $4.4 million in bitcoin, of which about $2.3 million was recovered by Justice Department officials in June. The pipeline resumed operations May 12, at which point 11 states were suffering significant fuel shortages. North Carolina was hardest-hit, with 65% of gas stations in the state reporting they had no fuel on the day the pipeline restarted. On May 14, DarkSide announced that its servers had been seized by law enforcement and that the group would disband.

Further Reading

“US officials believe Russia arrested hacker responsible for Colonial Pipeline attack” (CNN)

“How Private Equity Factors In To The Colonial Pipeline Hack” (Forbes)

