Colonial Pipeline, which operates the largest gasoline pipeline in the country, was forced to shut down operations on Friday due to a ransomware attack.
In a Saturday statement, Colonial Pipeline said that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
Colonial’s pipelines are a crucial delivery system for the eastern seaboard of the United States. According to the company, its pipelines transport 2.5 million barrels per day and supply approximately 45 percent of all fuel used on the East Coast.
Allan Liska, senior threat analyst at cybersecurity firm Recorded Future, told Bloomberg that the attackers appear to have used a ransomware group called DarkSide to carry out the attack. DarkSide first emerged in August of 2020 and has used its ransomware against many companies, including CompuCom (an Office Depot subsidiary) and a Canadian division of rental car company Enterprise.
According to data security firm Arete, DarkSide finds vulnerabilities in a network, gains access to administrator accounts, and then harvests data from the victim’s server and encrypts it. The software then leaves a ransom note text file with demands. Ransoms average more than $6.5 million and the attacks lead to an average of five days of downtime for the business.
If Colonial Pipeline’s system remains shut down, it could affect the futures market. “As every day goes by, it becomes a greater and greater impact on Gulf Coast oil refining,” Andrew Lipow, president of consultancy Lipow Oil Associates, told Reuters. “Refiners would have to react by reducing crude processing because they’ve lost part of the distribution system.”
Colonial Pipeline has notified federal officials and they are investigating the incident along with private security firm Mandiant, the Washington Post reported. But ransomware attacks like this are becoming increasingly common. “There are absolutely cases in industrial operations where ransomware impacts operations,” Robert M. Lee, the chief executive officer of Dragos, told the Post. But not all of these attacks get reported in the media, he said. “There are lots of industrial control companies that are battling ransomware around the United States.”
Or, as Christopher Krebs, a former Homeland Security official who was ousted by former president Trump, told Congress this week when describing the proliferation of cyber attacks, “To put it simply, we are on the cusp of a global digital pandemic driven by greed.”