
Russia arrests hacker in Colonial Pipeline attack, U.S. says

The arrests followed months of negotiations between the Biden administration and Russian officials around the ransomware attack and other cybersecurity concerns.

Motorists wait in line to refuel at a Circle K gas station on May 12, 2021, in Fayetteville, North Carolina. Most stations in the area along I-95 were without fuel following the Colonial Pipeline hack. The 5,500-mile-long pipeline delivers a large percentage of fuel on the East Coast from Texas up to New York.

Russian authorities on Friday arrested an individual tied to the crippling ransomware attack that snarled much of the U.S. gasoline supply last year, the Biden administration confirmed Friday.

The arrest was among several made by the Russian Federal Security Service on Friday as part of an effort to crack down on the REvil ransomware group, which has been tied to the attacks last year on meat producer JBS and IT company Kaseya. It came despite rising tensions between the U.S. and Moscow over a Russian troop buildup on the Ukrainian border, as well as years of suspected Kremlin-backed cyber-espionage campaigns against the United States.

“We understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring,” a senior administration official told reporters.

“I want to be very clear: In our mind, this is not related to what is happening with Russia and Ukraine,” the official added.

The DarkSide hacking group, another ransomware gang suspected of being based in Russia, was linked to the attack on Colonial Pipeline. The attack, and an ensuing panic among consumers, led to gas shortages in several U.S. states amid a temporary shutdown of the pipeline.

The arrests followed months of negotiations between the Biden administration and Russian officials around the ransomware attack and other cybersecurity concerns, and the FSB said Friday that its actions were tied to “the appeal of competent U.S. authorities.” These efforts included a meeting between President Joe Biden and Russian President Vladimir Putin last year in Geneva and follow-up conversations by phone.

The arrests took place the same day hackers defaced and disabled dozens of Ukrainian government websites, with experts suspecting Russia to be behind the attack.

The administration official stressed that the arrests were “welcome,” but drew a clear line between the administration’s view of the actions in Russia and the Ukrainian website defacements.

The individuals arrested will remain in Russia, rather than being extradited to the United States. The administration will be watching next steps there closely, the senior official said.

“Our expectation is that Russia announced arrests and that Russia would be pursuing legal action within its own justice systems,” the official said, adding that it is “our expectation that they be brought to justice.”