Panicked drivers queued in long lines at petrol stations across the Charlotte area as they rushed to fill their cars in the wake of the Colonial Pipeline closure.

The pipeline supplies the East Coast of America with about 45 per cent of its fuel but has now been offline for four days after a cyber attack.

Ransomware, which President Joe Biden believes came from Russia, forced the company to shut down pipeline controls system for safety reasons.

State of emergency declared amid fuel shortage

As fears grow over fuel shortages, North Carolina governor Roy Cooper declared a state of emergency to help ensure adequate supplies are delivered.

"Today's emergency declaration will help North Carolina prepare for any potential motor vehicle fuel supply interruptions across the state and ensure motorists are able to have access to fuel," Cooper said in a release.

The shutdown is also impacting flights out of Charlotte. American Airlines confirmed long-haul flights to Honolulu and London will now be forced to make additionals stops.

Four days after being forced to halt operations, Colonial said it was moving toward a partial reopening of its 8850km of pipeline - the largest fuel network between Texas and New York.

A smaller line within the network that transports fuel from North Carolina to Maryland is under manual operation, the company told Fox Business, as it aims to have the service restored by the end of the week.

Cars queue for petrol late into the night.
Cars queue for petrol late into the night.

DarkSide: Who are they?

The FBI identified the group behind the hack of the Colonial Pipeline as DarkSide, a shadowy operation that surfaced last year and attempts to lock up corporate computer systems and force companies to pay to unfreeze them.

DarkSide is known to extort cash from corporations and give a cut to charity, the Associated Press reported Sunday, citing sources familiar with the federal investigation.

DarkSide began attacking medium and large-sized companies mostly in Western Europe, Canada and the United States last year, reportedly asking for anywhere from a few hundred thousand dollars to a few million dollars, to be paid in Bitcoin.

In return, DarkSide supplies the company with a program that will unlock its computing systems.

They also download and retain large amounts of data from the company, threatening to release it publicly if the company does not pay up.

In a statement on their website on the dark net, they rejected allegations that they had any official backing.

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives," it said.

"Our goal is to make money, and not creating problems for society."

Biden says Russia to blame

President Joe Biden said Tuesday a Russia-based group was behind the cyberattack that forced the shutdown of the largest oil pipeline in the eastern United States.

"So far there is no evidence … from our intelligence people that Russia is involved, although there is evidence that actors, ransomware is in Russia," Biden told reporters.

"They have some responsibility to deal with this," he said.

Russia quickly rejected the accusation. "We categorically reject the baseless fabrications of individual journalists and reiterate that Russia does not conduct 'malicious' activity in the virtual space," the Russian embassy in the United States said in a statement.

At the White House, Deputy National Security Adviser Elizabeth Sherwood-Randall said Biden was being kept updated on the incident, which threatened to crimp supplies of gasoline, diesel fuel and jet fuel across much of the eastern United States.


What the experts say

Dmitri Alperovitch, one of the foremost cybersecurity experts who co-founded the firm CrowdStrike, said his group believes DarkSide enjoys official protection in Russia.

"A ransomware group we believe is operating (and likely harboured) by Russia has shutdown a company that is moving 45 per cent of petroleum supplying the East Coast. Is it a criminal act? Sure," he tweeted.

He said it also "undoubtedly" has "huge" national security implications, especially in US-Russia relations.

Another cybersecurity expert, Brett Callow of Emsisoft, told NBC News that an indication of the group's origins is that its software is designed to not work on computers whose default languages are Russian or several other eastern European languages.

"DarkSide doesn't eat in Russia," Callow told NBC.

Anne Neuberger, deputy national security adviser for cyber, said most ransomware comes from transnational criminal groups.

Asked if Colonial Pipeline or other companies should pay the ransom, she said the Biden administration has not offered advice on that.

"They have to balance the cost-benefit when they have no choice with regard to paying a ransom," she said. "Typically that is a private sector decision."

- with New York Post, AFP


Originally published as State of emergency declared in US

Some stations have run out of petrol.
Some stations have run out of petrol.
Drivers are facing long queues.
Drivers are facing long queues.