On Friday, a ransomware cyberattack shut down the Colonial Pipeline, the largest refined petrol products system in the US. The company hired a third-party cybersecurity firm to launch a probe into the incident while notifying the FBI and other relevant government agencies.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the company said in a statement.
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation,” the company said in a statement. “This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”
It is believed the attack was carried out by a group called DarkSide, which stole nearly 100 gigabytes of data in just two hours on Thursday. DarkSide threatened to release the data to the public, which would be devastating, while also threatening to keep the data that remains on the system encrypted and inaccessible unless an undisclosed ransom was paid.
The Colonial Pipeline, consisting of more than 5,500 miles of pipeline, supplies nearly half of the East Coast’s fuel supply. The system can carry more than 3 million barrels of petrol products daily between the Gulf Coast and the New York Harbor area and also supplies the military.
The attack comes despite President Biden’s announcement in April of a 100-day plan to protect the country’s electricity infrastructure from cyberattacks. The Department of Transportation’s Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., on Sunday to keep fuel supply lines open. The government has relaxed rules on fuel being transported by road, allowing drivers in 18 states to work extra hours when transporting refined petroleum products.
The recent attack is similar to a ransomware cyberattack that took place last December targeting an update on SolarWinds’ Orion software. The attack impacted major government organizations and companies including the US Treasury and Commerce. The attack gave hackers access to thousands of companies and government offices that used SolarWinds’ products. It is believed that the attack was carried out by a Russian group known as Cozy Bear.
Last year, the average ransom paid in the US increased to more than $310,000. The average downtime for victims of ransomware attacks is 21 days, according to the firm Coveware, which helps victims respond.