Largest pipeline in the US targeted by ransomware attack

One of the largest pipelines in the United States, the Colonial Pipeline, was the target of a ransomware attack, prompting the issuance of an emergency alert. Proactively, the company took some systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems. Company technicians are now working on the restoration process. In the past 48 hours, Colonial Pipeline personnel has taken additional precautionary measures to help monitor and further protect the security of their operations.

The Colonial Pipeline is the largest refined products pipeline in the United States and carries more than 100 million gallons of fuel daily to meet the needs of consumers from Houston, Texas, to the port of New York. The US states affected are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

A former US official and three sources told Reuters that the DarkSide group is a prime suspect in the attack. The shutdown of pipeline operations has already caused retail fuel prices in the affected states to rise substantially.

DarkSide is a recent headline-grabbing group that stands out from similar groups by having a highly targeted approach, custom executables for each target, and a communication method similar to that used in the corporate environment. For example, in August 2020, DarkSide announced its new ransomware operation through a press release.

In a statement, the pipeline management says it learned of the cyberattack on May 7 and immediately shut down certain systems to contain the threat, which ultimately temporarily halted all pipeline operations. Management is also in contact with law enforcement authorities and US federal agencies, including the Department of Energy, which is leading the federal government’s response.