
Cyberattack Takes US Pipeline Operator Offline

Colonial Pipeline operates a 5,500-mile pipeline system between Houston, Texas, and Linden, New Jersey, and says it transports more than 100 million gallons of fuel each day.

By Chloe Albanesius
Updated May 8, 2021


UPDATE 5/12: As of 5 p.m. ET, Colonial Pipeline has started to bring its pipelines back online.

"Following this restart, it will take several days for the product delivery supply chain to return to normal," it said in a statement. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."


UPDATE 5/10: The FBI confirms that the cyberattack is due to ransomware known as DarkSide. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, says it's a ransomware-as-a-service attack, meaning "criminal affiliates conduct attacks and then share the proceeds with ransomware developers."


UPDATE 5/9: Colonial Pipeline says "some smaller lateral lines between terminals and delivery points" are now back online, though its four mainlines are not. "We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations," it says.

The Biden administration has also declared a state of emergency, which will allow the transportation of gasoline, diesel, jet fuel, and other refined petroleum products by road in several states when these pipelines are shut down.

NBC News reports that a Russian ransomware group known as DarkSide may be behind the attack. Reuters says DarkSide comprises "veteran cybercriminals" focused on financial gain. It later published a statement reportedly from the group, which says its "goal is to make money, and not creat[e] problems for society."


UPDATE 5/8 5:30 p.m. ET: Colonial Pipeline has since confirmed that the attack "involves ransomware," but did not provide any additional details.

In a statement, Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, says: "We are engaged with the company and our interagency partners regarding the situation.

"This underscores the threat that ransomware poses to organizations regardless of size or sector," he added. "We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats."


Original story 5/8:
A cyberattack has taken a major US pipeline operator offline. 

In a statement, Colonial Pipeline said it was “the victim of a cybersecurity attack.” It has taken “certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”

The company did not elaborate on what happened. It’s alerted law enforcement and other federal agencies and hired a cybersecurity firm to investigate the breach. But the Washington Post reports that Colonial is the victim of a ransomware attack, which means the company was likely hit by malware that has locked its systems, with hackers demanding money to unlock them.

A federal source tells the Post that it’s too early to tell who attacked Colonial.

“Colonial Pipeline is taking steps to understand and resolve this issue,” the company said in its statement. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

Colonial Pipeline system map (Image: Colonial Pipeline)

Colonial operates a 5,500-mile pipeline system between Houston, Texas, and Linden, New Jersey, and says it transports more than 100 million gallons of fuel each day. According to the New York Times, much of that fuel goes into huge storage tanks, so this attack is “unlikely to cause any immediate disruptions.”

But ransomware and other cyberattacks on critical infrastructure are a growing concern. Cities large and small have paid ransoms to unlock their systems, as have hospitals. Experts generally warn against these payouts, as there’s no guarantee payment will result in the restoration of access. The Treasury Department last year also warned that ransomware payouts could violate US sanctions.

Some of these attacks are inside jobs from disgruntled employees, or pulled off by hackers looking for a payday. But the bigger worry is that a nation-state like Russia, China, or Iran has breached critical systems and has the power to disrupt water, power, and gas.

The recent SolarWinds hack, for example, was pulled off by Russia, according to US officials, while Chinese state-sponsored hacking groups are reportedly exploiting big vulnerabilities in Microsoft Exchange Server.

Last month, the Department of Justice indicted a 22-year-old Kansas man for trying to tamper with the local water supply after hacking into a public water system. And earlier this year, a hacker remotely accessed a water treatment plant in Florida and tried to poison the water supply, according to local police.

About Chloe Albanesius

Executive Editor for News

I started out covering tech policy in Washington, D.C. for The National Journal's Technology Daily, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. After a move to New York City, I covered Wall Street trading tech at Incisive Media before switching gears to consumer tech and PCMag. I now lead PCMag's news coverage and manage our how-to content.
