Ransomware leads to shutdown of US fuel pipeline
Colonial Pipeline was forced to suspend 5,500 miles of pipeline between Texas and New York after hackers breached its networks
10 May 2021
A ransomware attack has led to the shutdown of one of the main fuel pipelines in the US after hackers targeted the networks of Colonial Pipeline.
The company, which manages 45% of the US east coast’s fuel supplies, was forced to suspend 5,500 miles of pipeline between Texas and New York after falling victim to a double-extortion scheme carried out by the DarkSide ransomware group.
DarkSide, which is believed to be based in a post-Soviet country, is known for targeting US organisations. The group recently made headlines for selling information about their ransomware attacks to stock traders, and months earlier, it attempted to donate around $20,000 in stolen Bitcoin to charity before the donations were refused.
Last Thursday, DarkSide managed to obtain almost 100GB of data from Colonial Pipeline’s network, before locking computers with ransomware and demanding payment, two people involved in the investigation told Bloomberg. This forced the fuel operator to shut down operations on Friday, with the incident being confirmed by the company on Saturday.
“On May 7, Colonial Pipeline Company learned it was the victim of a cyber security attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” Colonial Pipeline stated.
“Leading, third party cybersecurity experts were also immediately engaged after discovering the issue and launched an investigation into the nature and scope of this incident. We have remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the Federal Government response,” it added.
The Biden administration announced an emergency loosening of regulations for the transport of petroleum products on highways, with the Department of Transportation issuing a temporary waiver to enable oil products to be shipped in tankers up to New York.
However, government cyber security expert at Nominet, Steve Forbes, warned that “the attack on Colonial is likely to have a ripple effect across the globe”.
“While the demand for oil across the US east coast is evident, the fact that this is already impacting the financial markets and traders, demonstrates that it really is the tip of the iceberg. That’s not to mention the fact that the severity of this breach will worsen if confidential information is leaked, as the group has threatened. Being able to take systems offline and begin a process of restoration is undeniably important, but there is an additional threat if this data is exposed. It underlines the importance of international collaboration to bring down these highly coordinated groups early in their development if we want to protect our critical services,” he told IT Pro.
“As we watch the domino effect of this cyber attack, it is very apparent that impact is not limited to systems and software – victims will come in all shapes and sizes, from industries to individuals,” added Forbes.
Earlier this year, a water treatment facility in Florida was targeted in a failed attempt to poison the water supply after hackers infiltrated the facility and ramped up the sodium hydroxide (NaOH) levels. The computer systems of the facility, located in the city of Oldsmar, Florida, were remotely breached twice on 5 February.
© Dennis Publishing