The Slatest

Ransomware Attack Shuts Down Top U.S. Gasoline Pipeline

In this file photo taken on August 4, 2020, Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses his computer at their office in Dongguan, China’s southern Guangdong province. NICOLAS ASFOURI/Getty Images

One of the biggest fuel pipeline operators in the United States shut down its entire network after a ransomware attack. The attack on Colonial Pipeline, which operates the biggest gasoline pipeline in the country, brought to center stage how critical infrastructure is facing increasing threats from hackers who are getting more sophisticated. Colonial, which carries almost half of the gasoline, diesel, and jet fuel for the East Coast and has a capacity of around 2.5 million barrels a day, has hired a cybersecurity firm to investigate what happened as it works to restore its operations. The company said it decided to take “certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”

“This was not a minor target,” Amy Myers Jaffe, an energy expert, tells Politico. “Colonial Pipeline is ultimately the jugular of the US pipeline system. It’s the most significant, successful attack on energy infrastructure we know of in the United States. We’re lucky if there are no consequences, but it’s a definite alarm bell.” Colonial hasn’t said how long its pipelines would be shut down. Depending on how long it lasts, the shutdown could lead to an increase in fuel prices. Experts say consumers will start seeing prices at the pump increase if the shutdown lasts more than three days.

Government sources and cybersecurity experts say it seems that the Eastern European criminal gang DarkSide was to blame for the attack. Ransomware attacks usually involve hackers encrypting data and demanding a large payment to unlock it again. DarkSide in particular is known for following the “double extortion” playbook in which it not only encrypts the data but also threatens to release it to the public if the ransom isn’t paid. DarkSide is also known for “selectively avoiding targets in post-Soviet states,” notes Reuters.

The attack provides a key test for the White House and how President Joe Biden will choose to respond to cyberattacks on critical infrastructure. Some lawmakers have already said that it demonstrates how the United States isn’t prepared to deal with these increasing threats. “There’s obviously much still to learn about how this attack happened, but we can be sure of two things: This is a play that will be run again, and we’re not adequately prepared,” Sen. Ben Sasse of Nebraska said in a statement. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors—rather than progressive wishlists masquerading as infrastructure.” Experts say these types of attacks are more common than what is publicly known.
