The Colonial Pipeline, the largest refined products pipeline in the US has been shut down following a cyberattack. This main fuel artery stretches all the way from the Gulf of Mexico, on the Texas shore, to New Jersey, on the east coast. The ransomware attempt happened on Friday but was confirmed over the weekend. Investigators are looking at a Russian criminal gang, called DarkSide, as a possible suspect.
5,500 Miles of Pipeline Taken Hostage
The Colonial Pipeline is a 5,500-mile (8,850 km) long pipeline network stretching from Texas to New Jersey on the east coast. It transports more than 100 million gallons of fuel daily to meet the energy needs of consumers in no less than 14 states. This accounts for nearly half (45%) of the fuel used on the US east coast by more than 50 million people. The US military and major US airports are also important customers.
On Friday, the Colonial Pipeline Company learned it fell victim to a ransomware attack. The same cybercriminals allegedly also stole 100 GB worth of data. In response, Colonial Pipeline proactively shut down certain systems and halted all pipeline operations.
In an updated media statement on Sunday, Colonial Pipeline said they have taken additional precautionary measures to further monitor and protect the safety and security of its pipeline. The company is now focusing on maintaining operational security, minimizing disruptions and developing a system restart plan.
DarkSide Gang Allegedly Behind the Attack
Upon learning of the incident, Colonial Pipeline immediately engaged the services of a third-party IT company. They have launched an investigation into the nature and scope of the ransomware attack. Multiple reports said the firm involved is Mandiant, a division of the leading cybersecurity firm FireEye, though FireEye themselves have not yet commented about the attack.
It isn’t clear yet who was behind the attack. However, several industry sources name DarkSide or a DarkSide affiliate as the main suspect. DarkSide is a relatively new player in the cybercrime industry. The group was discovered mid-2020 and also runs a Ransomware-as-a-Service (RaaS) operation. In RaaS operations, ransomware operators provide malware to third-parties for a portion of victims’ ransom payments.
DarkSide has supposedly developed a code of conduct, saying they or their affiliates will not attack hospitals, hospices, schools, not-for-profits and government organizations. The gang targets only English-speaking countries. The cybercriminals designed their ransomware in such a way that it cannot infect systems in Russia or countries belonging to the former Soviet Union.
More and More Cyberattacks
Especially since the Covid-19 pandemic, industrial environments are popular targets among cybercriminals. Many companies in this sector can’t afford to have their systems offline for extended periods. As this could cause massive disruption further downstream. Thus, they are more likely to pay ransoms. On top of that, the downtime can cost industrial companies millions.
The trend is also a worldwide phenomenon. In February there was an attempt to manipulate drinking water in the US state of Florida. Just a month prior, cybercriminals attacked a large uranium enrichment facility in Iran. While in December, a 124-year-old Japanese multinational, Kawasaki Heavy Industries, was confronted with a large data breach, affecting operations in Thailand, The Philippines, Indonesia and the US.
Typically, hackers will offer their victim a key in return for a ransom payment. If the victim does not pay, they threaten to leak files. Unfortunately, in many cases, the targets are unable to recover their data. Moreover, there’s always the possibility that the cybercriminals will leak the information anyway on the dark web, leaving backdoors to penetrate the victim again and/or up their demands at a later stage.
All Hands On Deck
Colonial Pipeline did not reveal whether they paid or are negotiating a ransom. “It’s an all-hands-on-deck effort right now,” said US secretary of Commerce, Gina Raimondo. “We are working closely with the company [Colonial Pipeline], state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”
Any prolonged outage will likely require the Colonial Pipeline Company to organize tankers to transport fuel. This would be quite an undertaking, given that Colonial Pipeline is a major artery for fuel supply to the east coast.