Colonial Pipeline Cyber Attack Incident

What is Colonial Pipeline?

The Colonial Pipeline, founded in 1961, is the largest pipeline system for refined oil products in the US. The pipeline consists of two tubes, is 5,500 miles long, and can carry 3 million barrels of fuel per day between Texas and New York. It is operated by Colonial Pipeline Company, which is headquartered in Alpharetta, Georgia.

The company says it transports more than 100 million gallons, or 2.5 million barrels, per day. This amount is approximately 45 percent of all fuel consumed on the East Coast, providing refined products to more than 50 million Americans.


What happened to Colonial Pipeline?

Colonial Pipeline was hacked by the DarkSide group using malicious software. There are a few assumptions about how the cyberattack took place, but most likely the details will not be specified until Colonial Pipeline and the third-party inspection company finish the investigation and produce an analysis of the incident. The initial attack route is unknown. It may have been initiated through a phishing email, old computer and network systems, weak passwords, or industrial espionage hired by a criminal group.

On May 10, the law enforcement agency said:

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks. We continue to work with the company and our government partners on the investigation.”

What we do know is that there was a ransomware attack on the business side. The attack was initiated by the DarkSide hacker group and caused the shutdown of all the operating pipelines last Friday, May 7th, 2021. In this kind of attack, hackers invade a company’s computer system, encrypt data and freeze operations, then demand payment to release control. The group itself stated that its goal is to make money, not to create chaos.

Georgia-based Colonial Pipeline has not released details but said the attack affected some of its information technology systems, according to The Associated Press. Those systems were under repair Sunday and Monday. The amount of money sought in the ransomware attack was not disclosed. The hackers took more than 100 gigabytes of data from a cloud computing system. Colonial said some of its lateral, or smaller, pipelines between terminals and delivery stations were put back into operation on Sunday. Reported by the Tennessean.

Colonial Pipeline Map


What is DarkSide?

DarkSide is a cybercriminal hacking group that targets victims using ransomware and was first noticed in August 2020. DarkSide is believed to be based in Eastern Europe, likely Russia, but unlike other hacking groups, it is not believed to be directly state-sponsored, for example by Russian intelligence services. Acronis reported that DarkSide targets only English-speaking countries and avoids the majority of the former Soviet countries by checking the default language settings. Experts state that the group is “one of the many for-profit ransomware groups that have proliferated and thrived in Russia” with at least the implicit sanction of the Russian authorities, who allow the activity to occur so long as it attacks foreign targets. This group also attacked CompuCom, a well-known IT managed services provider, in March 2021, which cost the company over $20 million in restoration expenses.


Did this incident affect the US oil market?

Yes, it affected the East Coast US oil market a lot, because approximately 50 percent of the oil supply depends on Colonial Pipeline. Since this incident happened, many cities are experiencing a gas shortage, and gas prices have skyrocketed.

Here is the graph showing gasoline outages over time by state.

Chart of Gasoline Outages

Even though the system was completely down, the company managed to recover it quickly. The system is now up and running, and it is fully functional. They said, “Colonial Pipeline can now report that we have restarted our entire pipeline system and that product delivery has commenced to all markets we serve.”


