A major U.S. fuel pipeline system has been shut down following a ransomware attack.
The pipeline system, owned and operated by the Colonial Pipeline Co., carries more than 100 million gallons of gasoline, diesel, home heating fuel and jet fuel a day and links refineries in Texas to New York via the East Coast.
In a statement today, Colonial Pipeline said that the ransomware attack first hit the company Friday, May 7, and that it took certain systems offline to contain the threat, including temporarily halting all pipeline operations. As of this afternoon, the company’s main lines, four in total, remain offline, but some smaller lateral lines between terminals and delivery points have been restored.
Colonial did not say what form of ransomware it was struck by but ticked off the standard response list: third-party security experts engaged, an investigation launched and law enforcement and other government agencies notified.
Reuters, referencing a former government official, reported that the attack may have involved the DarkSide ransomware group. That group and related ransomware first emerged in August and were linked to the GandCrab and Sodinokibi groups at the time. In previous attacks, the group typically demanded a ransom payment of between $200,000 and $2 million.
DarkSide was last in the news in October when it started making charitable donations using funds it had extorted from various businesses. The group is also on the record as saying that it would not encrypt files belonging to hospitals, schools, universities, nonprofits and the government sector.
That Colonial Pipeline has been attacked and remains offline raises other potential issues. It is the largest pipeline operator in the U.S., and if its pipelines remain offline for any length of time, there is a strong potential for fuel shortages and rapidly rising fuel prices, with an impact on the U.S. economy as a whole.
That Colonial Pipeline has been hit by ransomware doesn’t come as a surprise to experts. John Cusimano, vice president of aeCyberSolutions, the industrial cybersecurity division of Applied Engineering Solutions Inc., told SiliconANGLE that in his company’s extensive experience in assessing oil and gas pipelines for several of the country’s largest pipeline operators, their security is far behind that of other energy sectors.
“A common gap in the pipeline industry is the lack of segmentation of the pipeline supervisory control and data acquisition networks which are the networks that connect the pipeline control center to every terminal, pumping station, remote isolation valve and tank farm along the pipeline,” Cusimano explained. “These are very large networks covering extensive distances but they are typically ‘flat,’ from a network segmentation standpoint. This means that once someone gains access to the SCADA network they have access to every device on the network.”
Pipeline SCADA networks are typically separated from the company’s business networks with firewalls, he added, but those firewalls pass some data between the networks. “For example, network monitoring software, such as SolarWinds, may be permitted through the firewall in order to monitor the SCADA network,” he said. “These permitted pathways through the firewall are one way malicious software or hackers can move from the IT network into the SCADA network. This was one of my greatest concerns when I learned of the SolarWinds attack.”
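The two gaps Cusimano describes, a flat SCADA network and permitted pathways through the IT/OT firewall, can be checked mechanically. The following Python is an added example, not code from the article or from aeCyberSolutions; the rule format, zone ranges, rule names and device addresses are all constructed assumptions.

```python
# Added example (not from the article): audit IT->OT firewall rules for
# overly broad permitted pathways and test whether SCADA devices all sit in
# one broadcast domain. Rules, zones and addresses are constructed.
import ipaddress

# Constructed boundary rules: (name, src, dst, proto, port, action)
RULES = [
    ("monitoring-snmp", "10.1.5.20/32", "10.200.0.0/16", "udp", 161, "allow"),
    ("historian-pull", "10.1.7.10/32", "10.200.1.5/32", "tcp", 5450, "allow"),
    ("admin-rdp", "10.1.0.0/16", "10.200.0.0/16", "tcp", 3389, "allow"),
    ("any-any", "10.1.0.0/16", "10.200.0.0/16", "any", 0, "allow"),
    ("default-deny", "0.0.0.0/0", "0.0.0.0/0", "any", 0, "deny"),
]
IT_ZONE = ipaddress.ip_network("10.1.0.0/16")   # assumed business network
OT_ZONE = ipaddress.ip_network("10.200.0.0/16")  # assumed SCADA network

def crosses_boundary(rule):
    """True if the rule permits traffic from the IT zone into the OT zone."""
    _, src, dst, _, _, action = rule
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return action == "allow" and s.overlaps(IT_ZONE) and d.overlaps(OT_ZONE)

def broad_pathways(rules):
    """Names of IT->OT allow rules not pinned to one host per side and one
    service; a monitoring rule that may reach every OT device is flagged."""
    found = []
    for rule in rules:
        if not crosses_boundary(rule):
            continue
        name, src, dst, proto, port, _ = rule
        pinned = (ipaddress.ip_network(src).num_addresses == 1
                  and ipaddress.ip_network(dst).num_addresses == 1
                  and proto != "any" and port != 0)
        if not pinned:
            found.append(name)
    return found

def is_flat(device_addrs, prefixlen=24):
    """'Flat' here means every device shares one /prefixlen subnet, so a
    foothold on any one host can reach every other device directly."""
    subnets = {ipaddress.ip_interface(f"{a}/{prefixlen}").network
               for a in device_addrs}
    return len(subnets) == 1

# Constructed addresses: terminals, pump stations and valves on one subnet.
DEVICES = ["10.200.1.5", "10.200.1.17", "10.200.1.42", "10.200.1.99"]

if __name__ == "__main__":
    print("broad IT->OT pathways:", broad_pathways(RULES))
    print("SCADA network flat:", is_flat(DEVICES))
```

Only the historian rule, pinned to one source host, one destination host and one port, passes; the monitoring rule is flagged because it may reach the whole OT range.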
James Shank, Ransomware Task Force committee lead for worst case scenarios and chief architect, community services for Team Cymru Ltd., noted that targeting pipelines and distribution channels like this makes sense, since ransomware is about extortion and extortion is about pressure.
“Impacting fuel distribution gets people’s attention right away and means there is increased pressure on the responding teams to remediate the impact,” Shank said. “Doing so during a time when the pandemic response has created other distribution and supply chain problems, many of which will require timely and efficient distribution of goods, adds to the pressure.”