Ransomware Cyber Attack Leads To Shutdown of Largest U.S. Fuel Pipeline System

Colonial Pipeline suspended operations after a ransomware attack that appears to have been carried out by an Eastern European-based criminal gang.

The nation’s biggest fuel pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, has had to shut down its entire network. On Friday, the company realized that it was the victim of a cyber attack.

It is the largest refined products pipeline in the U.S., a 5,500-mile (8,851 km) system that transports over 100 million gallons from the Texas city of Houston to New York Harbor. Colonial Pipeline also carries almost half of the gasoline, diesel, and other fuels used on the East Coast.

The attack highlighted the potential vulnerability of industrial sectors to the expanding threat of ransomware strikes. In a statement, the company said:

“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”

The investigation is being carried out with the assistance of cybersecurity firm FireEye’s Mandiant incident response division. The attack is linked to a ransomware strain called “DarkSide”.

[Image: DarkSide ransom note]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged other organizations to step up their security measures, since ransomware poses a threat regardless of an organization's size. The agency commented:

“We are engaged with Colonial and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

In April 2021, Cybereason published an analysis of the ransomware, which revealed that DarkSide is intended to be used against targets in English-speaking countries. It does, however, avoid those located in former Soviet Bloc nations.

DarkSide began operating in August 2020. Since then, it has posted stolen data from more than 40 victims. The attackers are said to have stolen 10 GB of data from Colonial Pipeline's network. How much money the attackers demanded, and whether Colonial Pipeline will pay it, has yet to be disclosed.

The Ransomware Task Force has released a list of 48 recommendations to detect and disrupt the rising ransomware threat. The task force is a coalition of government and private-sector tech firms. It is also helping organizations prepare for and respond to such attacks more effectively.

Ransomware attacks have increased sharply over the past few years. Threat actors are engaging in a range of activities, such as:

  • Potentially damaging intrusions targeting utilities
  • Damaging critical infrastructure
  • Encrypting the victim’s data
  • Exfiltrating the data beforehand
  • Threatening to publish the data if the ransom demand is not paid

Data gathered by Check Point revealed that cyberattacks on American utilities have increased by 50% on average per week. The number of attacks was 171 at the beginning of March and 260 at the end of April. Over the last nine months, the monthly number of ransomware attacks in the U.S. nearly tripled to 300.

“Furthermore, in recent weeks an average of 1 in every 88 Utility organization in the U.S. suffered from an attempted Ransomware attack, up by 34% compared to the average from the beginning of 2021,” the American-Israeli cybersecurity firm said.

CISA had alerted companies to increasing ransomware infections that were impacting pipeline operations. The alert followed an attack on an unnamed natural gas compression facility in the country, which forced the company to suspend its pipeline asset for about two days in February 2020.

In 2018, the Department of Homeland Security assigned CISA to oversee the Pipeline Cybersecurity Initiative (PCI). Its objective was to identify and address emerging threats and put security measures in place to protect more than 2.7 million miles of pipelines responsible for transporting oil and natural gas in the U.S.

In February 2021, the agency’s National Risk Management Center (NRMC) published a Pipeline Cybersecurity Resources Library, whose main purpose is to “provide pipeline facilities, companies, and stakeholders with a set of free, voluntary resources to strengthen their cybersecurity posture.”
