10 May 2021

One of the US’ largest pipelines halts operations after a ransomware attack


A ransomware attack has disrupted operations of one of the US' largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York. The operator of the system, Colonial Pipeline, said it temporarily shut down its 5,500 miles of pipeline to contain the threat.

“On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the company said in a statement.

“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

Citing a former U.S. official and three industry sources, Reuters reported that a criminal group originating from Russia named "DarkSide" is believed to be behind the ransomware attack. The group typically targets non-Russian-speaking countries. The hackers gain access to private networks, encrypt data and often steal information for later use in extortion schemes.

According to Reuters, in the Colonial attack the attackers made off with more than 100 gigabytes of data. The source told the news agency that the cloud computing system the hackers used to collect the stolen data was taken offline Saturday and that “Colonial's data did not appear to have been transferred from that system anywhere else.”
