Ransomware attack on US pipeline operator (May 2021)

The last few days have again seen spectacular cases of ransomware infections at companies and organizations. The biggest case occurred last Thursday in the U.S., where the largest U.S. pipeline company had to shut down its operations after a successful ransomware attack. In the process, the pipeline that supplies fuel to the U.S. East Coast was also shut down as a precautionary measure.


Ransomware at Colonial Pipeline

Colonial Pipeline transports refined petroleum products from refineries on the Gulf Coast to customers in the southern and eastern United States. Some 2.5 million barrels a day pass through the 8850 km pipeline, or about 45% of all fuel consumed on the East Coast. The Wall Street Journal, which reported on the incident here, also published a map showing the pipeline's route.

The Wall Street Journal reported that the operator temporarily shut down the pipeline last Friday after the company's IT was hit by ransomware. The shutdown itself was more of a precautionary measure taken after the company fell victim to the attack; its goal was to contain the threat. It is now clear that only the operator's IT was affected by the ransomware, and that files on servers and clients were encrypted. According to insiders, however, the pipeline's control systems were not affected.

The company, Colonial Pipeline, confirmed the ransomware attack last Saturday in this statement. It said that the company learned on Friday, May 7, 2021, that it had been the victim of a cybersecurity attack, and that it has since been determined that the incident involved ransomware. In response, the company said it proactively took certain systems offline to contain the threat. This resulted in temporarily halting all pipeline operations and affected some of the IT systems. The company has engaged security experts from FireEye to investigate the nature and scope of the incident. Law enforcement and other federal agencies have been contacted.

Data exfiltrated beforehand

US magazine Bloomberg reported here that the company had fallen victim to the DarkSide ransomware gang, which siphoned 100 gigabytes of data from the company's network before encrypting the files on its systems. The intruders reportedly took the nearly 100 gigabytes of data from the company's network in Alpharetta, Georgia, in just two hours on Thursday (May 6, 2021). Bloomberg cites two people involved in Colonial's investigation.

So it is likely that the gang will try to extort the company by threatening to release this data and collect a ransom. However, U.S. laws prohibit companies from paying; they need permission from the authorities to do so. It is currently unclear when the pipeline will be back in operation and whether there will be any impact on the fuel market on the U.S. East Coast.
