Leading US Gasoline Pipeline Hit By Ransomware Attack, Halts Operations

Over the past years, ransomware has become the most prevalent and expensive form of cybercrime. The estimated global damage wrecked by ransomware attacks in 2020 stood at a mammoth USD 20 billion, a significant rise from USD 11.5 billion in 2019. And among the countries, the United States experiences the most severe ransomware attacks.

In 2019, the US was hit by a host of ransomware attacks that affected at least 966 state-owned agencies, educational institutions, and healthcare providers, causing a potential damage of over USD 7.5 billion.

Even before the US recovered from the damage caused by the high-profile ransomware attack on Washington, D.C., Police Department in April 2021, a new ransomware attack impeded the operations of the largest gasoline pipeline in the country.

Colonial Pipeline, the leading fuel pipeline operator in the US, temporarily halted its entire network on Friday following a ransomware attack.

Also Read: 18 Tips To Prevent Ransomware Attacks! (Infographic)

The pipeline is a crucial artery for the East Coast, transporting around 45% of the fuel consumed across the region. Spanning around 5,500 miles, the pipeline transports more than 100 million gallons of fuel, including gasoline, diesel, and jet fuel, daily to consumers from Houston, Texas, to the New York Harbor.

Colonial Pipeline Company said in a statement on Saturday that they were “the victim of a cybersecurity attack and have since determined that the incident involved ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.”

Colonial informed that it roped in a leading, third-party cybersecurity expert to launch an investigation into the nature and scope of the attack. The oil company also contacted law enforcement and other federal agencies, including the Department of Energy.

“At this time, our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline. Over the past 48 hours, our personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline,” the company added.

Though the investigation is in the early stages, Allan Liska, senior threat analyst at cybersecurity firm Recorded Future, claimed that the attack appeared to be carried out by an Eastern European-based criminal gang called DarkSide.

The DarkSide group has hit utility firms before, he said. In February, DarkSide’s ransomware attacks disrupted operations at two Brazilian state-owned electric companies, Companhia Paranaense de Energia (Copel) and Centrais Eletricas Brasileiras (Eletrobras).

The ransomware attack on Colonial comes at the time the nation’s energy sector is bracing for summer travel and high fuel demand as lockdown restrictions are eased. And a prolonged shut down of the pipeline could lead to sporadic outages at fuel terminals along the US East Coast and trigger a spike in gas prices.

After the Colonial interruption was reported on Friday, the refining margin for a combined barrel of gasoline and diesel increased 2%, and Nymex gasoline futures gained 1.32 cents to settle at USD 2.1269 per gallon.

A White House statement said that President Joe Biden was briefed on the ransomware attack. It said that the government is “working to assess the incident’s implications, avoid disruption to supply, and help Colonial Pipeline restore operations as quickly as possible.”

“We are engaged with the company and our interagency partners regarding the situation,” said Eric Goldstein, Executive Assistant Director of the cybersecurity division at the Department of Homeland Security’s CISA. “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

Contact Us

More Articles: