In the biggest cyberattack to date on critical infrastructure in the U.S., Colonial Pipeline – sprawling 5,500 miles from Houston to New York City – halted its mainlines on Friday, May 7, when administrators detected advanced ransomware internally.
On Thursday, a day before the ransomware attack, Russia-based cyber criminal group DarkSide stole more than 100GB of data, giving DarkSide added leverage to extract a ransom from Colonial Pipeline, which some speculated could end up paying a ransom to avoid a prolonged and potentially catastrophic shutdown. On Monday, May 10, Colonial announced that it had set a “goal of substantially restoring operational service by the end of the week,” which means the Eastern U.S. will likely face days of uncertainty over its energy supply.
Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down
Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how infrastructure is vulnerable to cyber attacks. On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack, the company said in a statement posted on its website. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.