The largest fuel pipeline in the U.S. has been shut down because of a cyberattack. Colonial Pipeline, which supplies up to three million barrels a day throughout the U.S., announced over the weekend that it fell victim to a ransomware attack. The company, based in Georgia, is responsible for supplying about half of the fuel on the East Coast. President Biden, who was briefed on the situation, offered assistance from the White House. Reports hinted that Russia may be involved.
Reuters reported that it is one of the most disruptive ransomware attacks reported to date, and that it spotlights attacks against American energy infrastructure by malicious actors. The American Automobile Association expressed concern that an extended shutdown of the pipeline could cause an increase in fuel prices ahead of the summer driving season, a potential economic blow to American society as it starts to recover from the COVID-19 pandemic.
Three days after the initial report, the investigation was still in its initial stages, and it was still not known (or had not been published) who was behind the attack or what demands had been made. An unidentified former American official told Reuters that among the suspects is a cybercriminal group called DarkSide, "known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states." According to unconfirmed reports, FireEye, which was itself the victim of a cyberattack not long ago, has been brought in to investigate the incident.
"We are engaged with the company and our interagency partners regarding the situation," said Eric Goldstein, executive assistant director of the cybersecurity division at the Cybersecurity and Infrastructure Security Agency (CISA). "This underscores the threat that ransomware poses to organizations regardless of size or sector."
Colonial Pipeline said it "is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline."
Yossi Rachman, director of security research at cyber defense company Cybereason, said, "In recent years we have witnessed an increase in sophistication and damage of ransomware attacks. From simple malware intended to put dubious profits into the pockets of attackers, to attacks on operational technology (OT) and industrial control systems (ICS), to double extortion attacks."
"These attacks shut down entire organizations, demand additional ransom to avoid the leaking of sensitive information stolen from the attacked organization, and are carried out by organized and sophisticated attack groups including nation-state actors. The latest attack on Colonial Pipeline, if it was designed to specifically target the organization, constitutes an escalation. It not only disrupts the operations of the organization that was attacked, but also damages the critical infrastructure of fuel transportation and thus could potentially damage the American economy as a result of supply problems on the east coast of the U.S."