Update: Colonial Pipeline CEO Joseph Blount confirmed on 19 May a ransom payment of $4.4 million to restore the pipeline.
Colonial Pipeline has restarted the majority of its 5,500-mile refined-products pipeline system, which was forced off line late last week by a cybersecurity attack. The company said on 13 May that East Coast product delivery had come back on line for many of the markets it services. Colonial projects that each market it services will be receiving product from its system by mid-day.
Following this restart, the company said it will take several days for the product-delivery supply chain to return to normal. Some markets served by Colonial may experience, or continue to experience, intermittent service interruptions during the startup period. Colonial added it will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.
The attack used a ransomware program designed to harvest data from its target, encrypt it, then hold it for ransom or threaten its release to the public. The Colonial attackers, reportedly of Russian origin, used a program called DarkSide to infiltrate and grab sensitive data. The US Cybersecurity and Infrastructure Security Agency and the US Federal Bureau of Investigation have released a Joint Cybersecurity Advisory on DarkSide in the wake of the Colonial breach.
“Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data,” read the advisory announcement. “These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI [critical infrastructure] sectors including manufacturing, legal, insurance, healthcare, and energy. Prevention is the most effective defense against ransomware. It is critical to follow best practices to protect against ransomware attacks, which can be devastating to an individual or organization and recovery may be a difficult process.”
According to Bloomberg, Colonial Pipeline reportedly paid the ransomware group responsible for the DarkSide attack close to $5 million to decrypt seized data. The payment was said to have been made shortly after the attack but did not stop the service disruption. A Reuters report added that Colonial holds cyber insurance coverage of at least $15 million.
The attack created a supply shortfall that triggered panic gasoline buying in the eastern US, where some people were photographed filling plastic bags with fuel. Gasoline prices shot up overnight, more than doubling in some regions.
Concerned over potential future attacks, US President Joseph Biden earlier this week issued an executive order to shore up the government’s own data security. The order calls for the Commerce Department to craft new standards for software vendors working with the federal government and establishes a Cybersecurity Safety Review Board, comprising people from the public and private sectors.