Colonial Pipeline is Hit with Ransomware Attack: Russian Group ‘Darkside’ is Responsible

Lauren Abshire
Director of Content Strategy, United States Cybersecurity Magazine

On Friday, May 7, 2021, Colonial Pipeline suffered a ransomware cyber-attack. The company operates one of the United States’ largest fuel pipelines, a 5,500-mile network. Following the ransomware attack, Colonial Pipeline was forced to shut down all operations. Colonial Pipeline reported the attack on Saturday, May 8, 2021, and the FBI was immediately notified.
Source: Colonial Pipeline, Colonial Pipeline’s route across the U.S. from Houston, TX to Linden, NY.

In a statement, Colonial Pipeline commented: “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

The Biden Administration was briefed on this ransomware attack and a spokesperson from the White House said, “The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible.” 

Since the announcement of the ransomware attack on Colonial Pipeline, it is believed that a Russian cybercrime group called “Darkside” is responsible. Bloomberg reported that the day prior to the ransomware attack, Darkside stole nearly 100 gigabytes of Colonial Pipeline’s data and demanded payment for it. The next day, Darkside launched the ransomware attack, shutting down Colonial Pipeline’s computers. Darkside is known for its “double extortion” tactics: stealing data before encrypting systems, then demanding payment both for the decryption and for not leaking the stolen data.

The DOT released a Regional Emergency Declaration on May 9, 2021. DOT said the move was to address the “emergency conditions creating a need for immediate transportation of gas, diesel, jet fuel, and other refined petroleum products.”

This ransomware attack on Colonial Pipeline adds to the growing number of cyber-attacks against U.S. Government agencies. While Colonial Pipeline’s main lines are still offline, some smaller lines and delivery points are now running. In a statement on Sunday, May 9, 2021, the company said they “will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.” 

The Department of Energy (DOE) is heading the Federal Government’s response, along with the FBI and Department of Homeland Security (DHS). 

On Monday, May 10, 2021, the FBI released a statement confirming that the Russian Darkside group is responsible. The FBI statement read “The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”
