A ransomware attack has disrupted operations of one of the US' largest pipelines, which refined gasoline and jet fuel from Texas up the East Coast to New York. The operator of the system, Colonial Pipeline, said it temporarily shut down its 5,500 miles of pipeline to contain the threat.
“On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the company said in a statement.
“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
Citing a former U.S. official and three industry sources, Reuters reported that a criminal group originating from Russia named "DarkSide" is believed to be behind the ransomware attack. The group typically targets non-Russian speaking countries. The hackers gain access to private networks, encrypt data and often steal information for later use in extortion schemes.
According to Reuters, in the Colonial attack the attackers made off with more than 100 gigabytes of data. The source told the news agency that the cloud computing system the hackers used to collect the stolen data was taken offline Saturday and that “Colonial's data did not appear to have been transferred from that system anywhere else.”