America’s Biggest Fuel Pipeline Crippled by Massive High-Tech Ransomware Attack

Colonial Pipeline by Orbital Joe is licensed under CC BY-NC-ND 2.0

Colonial Pipeline runs a network of pipelines and storage terminals across the southern and eastern United States to move gasoline, diesel and other refined fuels around the country.

It was recently hit by a large ransomware attack that shut down its 5,500-mile pipeline running from the Gulf Coast to the northeastern United States.

Colonial moves about 100 million gallons per day of gasoline, diesel and other refined petroleum products from the Gulf Coast to Linden, New Jersey.

The truth is that America's electrical and energy infrastructure is far too soft. Many of the devices and control systems that run networks like Colonial's are old, outdated or poorly maintained, which leaves them exposed to cyber attacks.

The pipeline that was shut down carries about 45% of the gasoline and diesel consumed on the entire East Coast of the United States, so this is not a minor incident.

Cyber attacks are now a leading national security danger for the United States. 

Something must be done. 

First, we have to understand exactly what happened here. 

Colonial pipeline company by peripathetic is licensed under CC BY-NC-SA 2.0

What Exactly Happened Here?

The Department of Homeland Security (DHS) and other federal agencies have known for years that the US energy sector is vulnerable to cyberattack, and they have been issuing guidance and working with operators to improve it.

With over 2.5 million miles of pipelines, America's energy sector is especially exposed to malware that cripples its control systems. Pipeline operations depend on continuous communication between thousands of sensors, valves, meters and other devices, including at the large refineries and terminals the lines serve, and an attacker who disrupts or locks up that communication can bring the whole network to a halt.

Officials believe that a criminal ransomware group known as DarkSide, thought to operate out of Russia, is behind the attack. DarkSide specializes in extortion: it encrypts a victim's systems with ransomware and, in many cases, steals data first so it can threaten to publish it if the ransom is not paid.

Ransomware is malware that blocks you from getting at your own data. After breaking in, the attackers encrypt the files and systems they can reach with a key that only they hold, so the business grinds to a halt until the "ransom" they demand is paid in exchange for the decryption key.
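As an added illustration (not code from the article, and not any real ransomware family's code), the following Python block models both halves of what the paragraph above describes: the attacker's encryption pass, which replaces each file with ciphertext under a key the victim never sees, and the defender's side, a detector that flags files whose byte entropy jumps between two snapshots, which is the signal that plaintext documents have just been turned into ciphertext. Everything in it is an assumption constructed for the example: the toy stream cipher (SHA-256 in counter mode, chosen so the block runs on the standard library alone), the `.locked` extension, the attacker key, and the sample "files", one of which stands in for an already-compressed archive to show why the detector compares against each file's own earlier entropy rather than an absolute threshold.

```python
import hashlib
import math
from collections import Counter


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (assumed construction): SHA-256 in counter mode.
    Real ransomware uses AES or ChaCha; this keeps the block stdlib-only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Constructed sample "files" (not real Colonial data). The third one is a
# pseudo-random blob standing in for an already-compressed archive: it is
# high-entropy before any attack and must not trigger a false alarm.
SAMPLE_FILES = {
    "scheduling/batch_2021-05-07.csv": (
        b"line,product,gallons,origin,destination\n"
        b"1,gasoline,1200000,Houston,Greensboro\n") * 60,
    "billing/invoice_notes.txt": (
        b"Shipper invoice pending review; hold until "
        b"metering data is reconciled with the terminal.\n") * 40,
    "backups/archive.bin": keystream(b"constructed-archive-seed", b"", 3200),
}

LOCKED_EXT = ".locked"  # assumed marker extension; every family picks its own


def ransomware_pass(files: dict, attacker_key: bytes) -> dict:
    """Model of the encryption stage: each file is replaced by ciphertext under
    a key the victim never sees, with a marker extension appended."""
    locked = {}
    for path, data in files.items():
        nonce = hashlib.sha256(path.encode()).digest()[:16]  # per-file nonce (toy)
        locked[path + LOCKED_EXT] = xor_crypt(attacker_key, nonce, data)
    return locked


def try_recover(locked: dict, key: bytes) -> dict:
    """What a victim (or the attacker's decryptor) gets back with a given key."""
    recovered = {}
    for path, data in locked.items():
        original = path[:-len(LOCKED_EXT)]
        nonce = hashlib.sha256(original.encode()).digest()[:16]
        recovered[original] = xor_crypt(key, nonce, data)
    return recovered


def detect_entropy_jumps(before: dict, after: dict, jump_bits: float = 2.0) -> list:
    """Defender's view: flag files whose entropy rose sharply between two
    snapshots. Comparing against the file's own earlier entropy, rather than
    an absolute threshold, keeps already-compressed files from being flagged."""
    alerts = []
    for path, data in after.items():
        original = path[:-len(LOCKED_EXT)] if path.endswith(LOCKED_EXT) else path
        if original not in before:
            continue
        old, new = shannon_entropy(before[original]), shannon_entropy(data)
        if new - old >= jump_bits:
            alerts.append((original, round(old, 2), round(new, 2)))
    return alerts


def run_demo(attacker_key: bytes = b"attacker-only-secret") -> dict:
    """Encrypt the sample set, show recovery needs the key, and run the detector."""
    locked = ransomware_pass(SAMPLE_FILES, attacker_key)
    with_key = try_recover(locked, attacker_key)
    wrong_key = try_recover(locked, b"guess")
    return {
        "recovered_with_key": with_key == SAMPLE_FILES,
        "recovered_with_wrong_key": wrong_key == SAMPLE_FILES,
        "alerts": detect_entropy_jumps(SAMPLE_FILES, locked),
    }


if __name__ == "__main__":
    result = run_demo()
    print("recovery with attacker's key:", result["recovered_with_key"])
    print("recovery with a guessed key: ", result["recovered_with_wrong_key"])
    for name, old, new in result["alerts"]:
        print(f"ALERT {name}: entropy {old} -> {new} bits/byte")
```

Running it flags the two plaintext documents, whose entropy climbs from roughly 4 bits per byte to almost 8, and stays silent on the archive blob that was already high-entropy. The wrong-key recovery attempt returns garbage, which is the whole point of the extortion: without the attacker's key, the victim's only routes back are offline backups or paying. In a real environment this entropy-delta check would be one signal among several (mass renames to an unfamiliar extension, bursts of file writes from a single process, deletion of shadow copies), since any one of them alone produces false positives.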

Commerce Secretary Gina Raimondo said the government, primarily the Department of Energy, is working with Colonial to get its thousands of miles of pipeline back online, but the system is still mostly down.

“These sorts of attacks are becoming more frequent. They’re here to stay,” Raimondo said.

"We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations," Colonial said in an update, adding that its core operational systems weren't affected and that it took the pipeline offline preemptively in order to contain the breach.

At this point, officials do not believe that DarkSide was operating on behalf of the Russian government. Neither the ransom demanded nor the full extent of the intrusion has been made public, likely both for national security reasons and to avoid telling the criminals how effective their attack was.

Red Alert

Even though DarkSide is not believed to be working for any government, the attack shows just how badly the US needs to harden its energy infrastructure.

"This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe. It's an absolute nightmare, and it's a recurring nightmare," said Andrew Rubin, CEO and co-founder of the cybersecurity company Illumio.

“Organizations continue to rely and invest entirely on detection, as if they can stop all breaches from happening. But this approach misses attacks over and over again. Before the next inevitable breach, the president and Congress need to take action on our broken security model,” Rubin added. 

He’s right.

Even if DarkSide really is a non-state actor, the attack still has geopolitical implications, because it shows how countries like Russia, China, Iran and North Korea give criminal hackers free rein to operate from their territory.

DarkSide also runs a leak site where it publishes data stolen from victims who refuse to pay its ransom, a second layer of extortion on top of the encryption itself.

Colonial says the pipeline network will be back online in the near future but hasn't given a date. Fuel markets are expected to stabilize, but this remains a shocking and damaging cyber attack.