Ransomware attack shuts down major US pipeline

A ransomware attack shut down the entire network of one of the largest fuel pipe operators in the US, Colonial Pipeline, on Friday.

The 5,500-mile pipeline transports 45 per cent of the East Coast’s fuel supply, pumping almost 2.5 million barrels a day from refineries on the Gulf Coast to southern and eastern states.

A ransomware attack is when cybercriminals encrypt data or systems, preventing access to them, usually followed by a ransom demand in exchange for access.

Experts expect fuel prices to rise between 2 and 3 per cent on Monday based on oil future prices.

The pipeline supplies over 50 million Americans – highlighting the potential of ransomware attacks to disrupt utilities on a mass scale.

The company said it is working with US law enforcement, external cybersecurity experts, and the Department of Energy to recover its operations.

Colonial’s four main pipelines remain inactive, however, some of its smaller lines are now operational.

US president Joe Biden was briefed on the matter on Saturday morning, and the Department of Transport granted an emergency waiver to 18 states which enables fuel to be transported by road.

Sources close to the matter implicated a criminal gang called DarkSide, which emerged in August 2020.

This group is believed to be based in a Russian speaking country as it has so far avoided attacking countries such as Ukraine, Belarus, Azerbaijan, and Kazakhstan that are part of the Commonwealth of Independent States.

Previous victims of Darkside include managed IT services provider CompuCom, Discount Car and Truck Rentals, Brookfield Residential, and Brazilian utility company Companhia Paranaense de Energia.

Darkside are known to deploy a “dual model” from previous attacks, where the gang also threatens to reveal victim’s data online if they fail to pay the ransom.

The group is thought to have taken almost 100 gigabytes of Colonial Pipeline’s data hostage according to sources close to the matter.

Critical industries remain a popular target for cybercriminals; attacks on healthcare, manufacturing and energy firms doubled in 2020 according to a new report from IBM.

Alejandro Mayorkas, secretary of the US Department of Homeland Security (DHS), said that dealing with ransomware will be a top priority for national security in April.

“We are engaged with the company and our interagency partners regarding the situation,” said Eric Goldstein, executive assistant director of the cybersecurity division at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. “This underscores the threat that ransomware poses to organisations regardless of size or sector.”

He added: “We encourage every organisation to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.