10 May 2021

One of the US’ largest pipelines halts operations after a ransomware attack

A ransomware attack has disrupted operations of one of the US' largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York. The operator of the system, Colonial Pipeline, said it temporarily shut down its 5,500 miles of pipeline to contain the threat.

“On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the company said in a statement.

“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

Citing a former U.S. official and three industry sources, Reuters reported that a criminal group originating from Russia named "DarkSide" is believed to be behind the ransomware attack. The group typically targets non-Russian-speaking countries. The hackers gain access to private networks, encrypt data and often steal information for later use in extortion schemes.

According to Reuters, in the Colonial attack the attackers made off with more than 100 gigabytes of data. The source told the news agency that the cloud computing system the hackers used to collect the stolen data was taken offline Saturday and that “Colonial's data did not appear to have been transferred from that system anywhere else.”
