United States pipeline operator, Colonial Pipeline, has initiated the restart of its pipeline operations following a ransomware attack last week. In response to the attack, Colonial Pipeline had shut down 8,850 kilometres of pipelines across the United States. Those pipelines carry nearly half the country’s fuel supplies. But late on Wednesday afternoon, the fuel began flowing again.
The ransomware attack occurred on Friday, May 7. Colonial shut down its pipelines as a precautionary measure. The shutdown exposed the vulnerability of energy infrastructure in the United States to a cyberattack. Colonial’s network of pipelines stretches from Houston up to New York.
The pipelines carry gasoline, diesel, and jet fuel. With concerns growing about fuel shortages, queues formed at gasoline stations as consumer demand jumped 20%. Atlanta’s Hartsfield Jackson International, currently the world’s busiest airport, gets its jet fuel via Colonial’s pipelines.
As a result of the ransomware attack, the biggest refinery in the United States, Motiva Enterprises’ Port Arthur refinery, shut down two of its crude distillation units over the weekend.
The group behind the ransomware attack was identified as DarkSide. Claiming it is apolitical and targets large companies purely for profit, DarkSide is described by a US-based cybersecurity business as “a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims.”
Cybersecurity experts and government officials broadly agree that ransomware attacks on large companies have become, and will continue to become, more common.
“The popularity and increasing maturity of the ransomware-as-a-service model combined with the aging systems that control energy systems is a compounding problem,” said cyber intelligence business Intel 471 earlier this week.
“As threat actors continue to observe ransomware’s operational success, more cybercriminals likely will want to get in on the action due to its thriving sub-industries (i.e. access brokers, credential shops, and bulletproof hosting) and higher returns when compared to other crimes.”
Colonial Pipeline says it is now resuming operations while keeping an eye on safety. Adhering to US Government pipeline safety requirements, Colonial is conducting a comprehensive series of pipeline safety assessments.
“It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the startup period,” a statement issued by Colonial Pipeline says.
“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”
In addition to Colonial Pipeline bringing in its own external security and investigation teams, multiple US Government agencies are also on the case. The FBI has been conducting an investigation into DarkSide for some time. Now joining the fray are teams from the Energy Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.