A ransomware cyber attack took down the U.S.’ largest fuel pipeline operator on Friday and as of today, the company’s operations are reportedly still largely offline.
Georgia-based Colonial Pipeline says that it transports approximately 45% of all fuel consumed on the East Coast.
“This is as close as you can get to the jugular of infrastructure in the United States,” Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab, told Reuters. “It’s not a major pipeline. It’s the pipeline.”
That a cyber attack has taken down such a critical piece of U.S. infrastructure “underscores the threat that ransomware poses to organizations regardless of size or sector,” said Eric Goldstein, executive assistant director of the cybersecurity division at CISA, in a comment to Reuters.
Bloomberg reported that the suspected hackers belong to a group known as Darkside, which targets private companies from English-speaking countries, and that they are believed to have stolen nearly 100 gigabits of data in two hours last Thursday — and then locked down Colonial’s computers and demanded ransom. Colonial was reportedly threatened with a two-pronged “double-extortion” scheme: that some of its stolen data would be published on the internet, and that the information on the infected computers inside the company’s network would remain inaccessible unless Colonial paid the hackers.
A recent cybersecurity report from Keysight Technologies noted that hackers are increasingly combining demands for money with threats to release data, particularly data that will trigger regulatory penalties if it is published.
Colonial has said publicly that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” In a statement issued Sunday evening, the company said that its operations team is “developing a system restart plan.” Its multiple main lines remained offline, although it said that some of its smaller, lateral lines to delivery points had begun to operate. “We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so,” Colonial added.
CNBC reported Monday that Colonial’s operations have yet to be restored. How long the pipeline will remain offline is unclear from published press reports, and an outage of more than a few days could cause substantial disruption.
According to Colonial’s website, it transports 100 million gallons of refined fuel products a day from the Gulf Coast to markets in the Southern and Eastern U.S., with a pipeline system that spans more than 5,500 miles and includes more than 280 facilities; it says it uses “computerized technology” for constant monitoring of pressures, valve positions and the operating status of its pumps.