One of the USA’s largest oil pipelines has been shut by ransomware.
The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the USA’s East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil.
It’s been offline since May 7th, according to a company statement, due to what the outfit describes as “… a cybersecurity attack [that] involves ransomware.”
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
Third-party experts were engaged to probe and remediate the situation and by Saturday the company said it was “actively in the process of restoring” its technology operations.
Reuters reports that the DarkSide ransomware gang is thought to be behind the attack. DarkSide is thought to both encrypt victims’ data and exfiltrate it to gain leverage in ransom negotiations. The gang has also shared evidence that it has made charitable donations, and said it feels an obligation to share some of the ransoms it wins.
At the time of writing the pipeline remained closed, although a Sunday evening (US time) update to Colonial’s announcement said some “smaller lateral lines between terminals and delivery points” have been restored.
The incident hasn’t panicked energy users, because substantial reserves are in place and alternative sources continue to flow.
But it’s still a scary event, because attacks on critical infrastructure have long been identified as having the potential for enormous harm. This one has halted operations of infrastructure that impacts the lives of millions of people, every day.
And as is so often the case, the victim of a ransomware attack appears not to have worked towards short recovery time objectives.
The US Justice Department two weeks ago established a Ransomware and Digital Extortion Task Force to fight the scourge. ®