Colonial Pipeline Ransomware Attack Leads To ‘Regional Emergency’

The largest fuel pipeline system in the United States has suffered a cyber attack potentially leading to an emergency situation. Reportedly, the Colonial Pipeline Company has suffered a ransomware attack that caused service disruptions. In turn, concerns about a possible fuel shortage grow among the public.

Colonial Pipeline Ransomware Attack

Reportedly, on May 7, 2021, Colonial Pipeline suffered a ransomware attack on its IT systems. Upon noticing the attack, the firm had to shut down its operations and pull the systems offline.

Colonial Pipeline disclosed the news via an update on their website on May 8, 2021. Even in this initial disclosure, the firm clearly stated that it had suffered a ransomware attack.

Soon after the incident, the firm involved law enforcement and cybersecurity experts to investigate and resolve the matter. They also started working towards service restoration to minimize further damage to the supply.

However, because Colonial operates the largest fuel pipeline, serving numerous states in the US, the service disruption gave rise to fears of fuel shortages.

In their recent update, Colonial Pipeline shared more details about the phase-wise service restoration.

Still, the Federal Motor Carrier Safety Administration (FMCSA) has declared an emergency over this incident. As stated in the Regional Emergency Declaration,

“Such emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States. This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief.”

The states where this emergency applies include,

  • Alabama
  • Arkansas
  • District of Columbia
  • Delaware
  • Florida
  • Georgia
  • Kentucky
  • Louisiana
  • Maryland
  • Mississippi
  • New Jersey
  • New York
  • North Carolina
  • Pennsylvania
  • South Carolina
  • Tennessee
  • Texas
  • Virginia

DarkSide Ransomware Behind The Attack

In a recent statement, the FBI has confirmed that the attack links back to the DarkSide ransomware gang.

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”

According to reports, the DarkSide gang also stole data from the firm, possibly for extortion.

Also, according to Bloomberg, Colonial Pipeline paid $5 million to the attackers within a few hours of the attack. In response, the attackers sent the decryptor to the firm. However, it was “so slow” that the firm also had to keep working with its backups.

Colonial Pipeline isn’t the first power utility that fell victim to DarkSide. In February 2021, the same attackers also targeted two such facilities in Brazil.
