A ransomware cyberattack has forced the temporary shutdown of Colonial Pipeline, a major gas pipeline that supplies 45 percent of all fuel consumed on the East Coast. The attack highlights heightened concerns over the danger to major U.S. infrastructure.
The cyberattack against Colonial Pipeline began at 7:00 p.m. on Friday night, according to a Federal Emergency Management Agency report.
Colonial Pipeline, which runs from Houston to Linden, New Jersey, transports about a million gallons of fuel daily.
However, the hackers actually began their attack on the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to a report from Bloomberg.
The attack was perpetrated by the cybercrime group DarkSide. The group stole nearly 100 gigabytes of data from the company’s network in just two hours on Thursday, officials involved in the investigation said.
Many believe that the hackers are located outside the United States, since attacks on infrastructure by domestic hackers usually aren’t economically motivated.
The extortion scheme has been a common tactic of DarkSide. Colonial was threatened that, unless it paid a ransom, the stolen data would be leaked to the internet and the information encrypted by the hackers on computers inside the network would remain locked, according to the sources cited in the Bloomberg piece.
Gas and fuel prices are expected to rise because of the shutdown of the pipeline. If the shutdown lasts more than a few days, fuel prices are expected to spike in a way similar to the spike that followed Hurricane Sandy.
A Concerted Effort Is Launched to Address the Attack on Colonial Pipeline
Colonial said it became aware of the hack on Friday night and opted to shut down the pipeline.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems,” the company said in a statement.
The FBI, Department of Energy (DoE), and Cybersecurity and Infrastructure Security Agency (CISA) have all said they are collaborating with Colonial Pipeline to get to the bottom of the attack.
FireEye Inc., a U.S.-based cybersecurity firm, is also investigating the attack, having been hired by Colonial to manage the investigation.
Eric Goldstein, the executive assistant director of CISA’s cybersecurity division, said in a statement Saturday that they’re working with the company and their partners on the situation.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” he said. “We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
The White House released a statement saying President Biden was apprised of the situation.
An official from the White House told CNN that analysis is ongoing to determine whether supply could become an issue following the event. The White House is working with state and local authorities to determine what possible steps may need to be taken to help lessen the potential impact on supply.
The Increasing Risk of Cyberattacks on Physical Infrastructure
The attack brings to the forefront the thorny issue of U.S. infrastructure. As infrastructure becomes more and more reliant on cyberspace, it also becomes more vulnerable to cyberattacks, and cybersecurity becomes much more important.
Cybersecurity issues have risen to prominence with the SolarWinds hack perpetrated by Russian hackers and the hack of Microsoft Exchange that affected email servers worldwide. The latter was linked to a network of hackers called Hafnium, a group that Microsoft “assessed to be state-sponsored and operating out of China.”
Colonial’s 5,500-mile pipeline has two main lines, one for gasoline and another for diesel, jet, and other fuels. Colonial shut down the pipeline twice in 2016, once for an underground leak and once for a fire that occurred in Alabama.
Earlier last week, Homeland Security Secretary Alejandro Mayorkas gave an ominous warning that cyberattacks, specifically ransomware attacks, are on the rise and that hackers are targeting everything from government agencies down to small businesses.
Speaking at the U.S. Chamber of Commerce’s Now & Then Speaker series, Mayorkas said, “The threat is real. The threat is upon us. The risk is to all of us,” adding, “Inform oneself. Educate oneself and defend oneself.”