Colonial Pipeline Shut Down Due To Cyberattack
Hackers cause Colonial Pipeline to shut down America’s largest gasoline pipeline
Key Actors:
- Colonial Pipeline
- DarkSide; Cybercriminal Hacking Group
- Joe Biden; President of the United States
What Happened?
The Colonial Pipeline had to shut down the biggest U.S. gasoline pipelines on Friday, May 7. A group of hackers from a cybercrime gang called DarkSide stole nearly 100 gigabytes of data out of the company’s network before locking their computers with ransomware in just two hours. The move was part of a double extortion scheme. The hackers demanded payment from Colonial Pipeline by threatening that the stolen data will be leaked to the internet, while the information left on the computers inside the network was locked until Colonial paid a five million ransom fee.
Colonial pipeline didn’t respond to requests, but took certain systems offline to contain the threat, which temporarily halted all pipeline operations. The company later decided to shut down the 5,500 mile-long pipeline, which carries 45% of the East Coast’s fuel supplies, without saying when it would reopen. In an attempt to solve the problem sooner, Colonial pipeline paid a 75 bitcoin ransom, worth as much as 5 million, and operations were able to restart on Wednesday. However, giving in to Darkside’s demands will only embolden other groups going forward.
What effects did the attack have on residents of the U.S. East Coast?
By shutting down the main source of gasoline for the East Coast, a shortage of gasoline is slowly becoming a problem. Gasoline stations that could not get enough fuel have already closed in many states, and prices jumped overnight, as much as 10 cents or more per gallon in some areas. “We are seeing the full-fledged panic at the moment in some of the places I suspected we might see it,” said Tom Kloza, head of global energy analysis at OPIS. “There aren’t enough drivers to take trucks from terminals that have gasoline to stations. We are seeing a lot of stations running out.” Kloza said he expects gasoline prices to rise, but not spike wildly higher. The bigger issue is that gasoline will be in short supply in the region, since it takes time to replenish once the pipeline is switched on and shortages could continue. Gasoline in the pipeline travels at just 5 miles (or 8 kilometers) per hour.
In response to the cyberattack, President Joe Biden signed an executive order aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year. News of the president’s action came about an hour after Colonial announced it had restarted pipeline operations, “though it will be days before fuel deliveries return to normal,” the company said in a press release.
The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing hackers to gain access to communications and data in several government agencies. The president’s executive order calls for the federal government and private sector to partner to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security.
How does this attack fit into the overall increase in ransomware attacks across the world?
The wider American public was afforded an unwanted glimpse into the “wild west” of ransomware this week after the Colonial Pipeline cyberattack, causing fuel shortages on the East Coast. Experts warn that ransomware attacks, which are part-ransom, part-blackmail, part-invocation of squatters’ rights, are becoming more frequent. But the pipeline attack is one of the attacks that had the most impact. It sent tens of thousands of Americans to panic-buy gas for their cars. As the number of attacks rise, Darkside has become one of the more prominent groups. They’ve been in operation for over three years, starting around 2018, and typically focus on lower end ransoms. The average Darkside attack would ask for anywhere from $80,000 to $100,000 ransom. But in the last couple of months they started targeting and going after bigger organisations, the Colonial pipeline cyberattack being one of the recent examples.
Bibliography
Domm, Patti. “Spot Gas Shortages Could Worsen If Colonial Pipeline Doesn’t Reopen by the Weekend.” CNBC, CNBC, 11 May 2021, www.cnbc.com/2021/05/11/colonial-spot-gas-shortages-may-worsen-if-pipeline-doesnt-reopen-soon.html. Accessed 16 May 2021.
Breuninger, Kevin. “Biden Signs Executive Order to Strengthen U.S. Cybersecurity Defenses after Colonial Pipeline Hack.” CNBC, CNBC, 12 May 2021, www.cnbc.com/2021/05/12/biden-signs-executive-order-to-strengthen-cybersecurity-after-colonial-pipeline-hack.html. Accessed 16 May 2021.
Gabbatt, Adam. “How the Colonial Pipeline Hack Is Part of a Growing Ransomware Trend in the US.” The Guardian, The Guardian, 14 May 2021, www.theguardian.com/technology/2021/may/13/colonial-pipeline-ransomware-attack-cyber-crime. Accessed 16 May 2021.
Lily Hay Newman. “Colonial Pipeline Paid a $5M Ransom—and Kept a Vicious Cycle Turning.” Wired, WIRED, 14 May 2021, www.wired.com/story/colonial-pipeline-ransomware-payment/. Accessed 16 May 2021.
Robertson, Jordan, and William Turton. “Colonial Hackers Stole Data Thursday ahead of Shutdown.” Bloomberg.com, Bloomberg, 9 May 2021, www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown. Accessed 16 May 2021.
Satter, Raphael. “Colonial Pipeline: What We Know and What We Don’t about the Cyberattack.” Global News, Global News, 10 May 2021, globalnews.ca/news/7848118/colonial-pipeline-cyberattack-what-we-know/. Accessed 16 May 2021.