Oil Pipeline Operator Temporarily Shuts Down Amid Ransomware Attack
A ransomware attack believed to have been carried out by a Russian criminal group has forced Colonial Pipeline to temporarily shut down its operations.
According to the pipeline’s operator, the attack crippled the company’s computer systems. Colonial Pipeline said it has already taken certain systems offline to contain the threat, The Maritime Executive reported.
Colonial Pipeline’s network spans more than 5,500 miles. It serves customers from Houston, Texas, all the way to Linden, New Jersey, running through states such as Louisiana, Mississippi, Alabama, Georgia, South Carolina, Tennessee, Virginia and Pennsylvania.
Transporting approximately 2.5 million barrels of petroleum products, it accounts for over 10 percent of the nation’s entire daily petroleum consumption and half of the fuel supply for the East Coast.
Cyberattacks on the energy pipeline could lead to fuel shortages and rising prices along the Eastern Seaboard, as happened during the last Colonial Pipeline shutdown, a precautionary measure taken in 2017 during Hurricane Harvey.
A ransomware-as-a-service group of Russian origin dubbed Darkside is suspected to be the mastermind behind the cyberattack.
Security consultancy Cybereason notes that Darkside is known for encrypting, locking and publicly releasing a target’s data if ransoms are left unpaid.
The Cybersecurity and Infrastructure Security Agency, together with cybersecurity consulting company FireEye, is carrying out an investigation and is working to restore Colonial Pipeline’s operations.
FireEye played a key role in detecting the SolarWinds hack. In December, the company released a report noting a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute the Sunburst malware.