Colonial Pipeline in the US, which pumps about 45% of the East Coast’s fuel, has shut down its operations due to a cyberattack. Besides serving millions of US citizens, the company delivers gasoline, diesel, jet fuel, and other fuel products for the US military.
On Monday, the FBI stated the company suffered a ransomware attack and the Russia-based hacker group DarkSide was behind it. The group is a ransomware-as-a-service operation that sells cybercrime tools to other hackers.
In a statement, Colonial Pipeline said upon learning about the cyberattack, the company had taken some systems offline and engaged third-party cybersecurity experts to help mitigate the attack’s consequences:
“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.”
The troublesome attack came after the company had dealt with major oil spills in the past that killed wildlife and contaminated the pristine environment.
Later on Monday, US President Joe Biden said there was no indication that the Russian government operated the attack, although the threat actor’s ransomware clearly originated from Russia.
This is confirmed by what DarkSide said in a statement dated May 10:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money, and not creating problems for society.”
At the time of writing, Colonial Pipeline has yet to resume supply. The company says it has restored some small lateral lines and is working on a system restart plan that is supposed to bring the company’s services fully back by the end of the week. However, it may be days before it restores the full service. Meanwhile, gasoline futures are rising and there is concern that US citizens may experience fuel shortages.
The DarkSide group has been active since summer 2020. It employs double-extortion tactics, whereby hackers steal confidential information and threaten to publish it on a leak site if the victim doesn’t pay a ransom.