
What was the Colonial Pipeline ransomware attack of May 7, 2021? (with cited sources)

The Colonial Pipeline Hack of 2021 was the largest cyberattack on an oil infrastructure target in US history. This attack sparked a state of emergency in the United States.

READ THIS: PSA from Federal Agency CISA on the Colonial Pipeline attack

The Colonial Pipeline Ransomware attack unfolds

On May 7, 2021, the Colonial Pipeline, an American oil pipeline system originating in Houston, Texas, and primarily supplying gasoline and jet fuel to the Southeastern United States, experienced a ransomware cyberattack that affected its computerized equipment managing the pipeline. In response to the attack, the Colonial Pipeline Company took the precautionary measure of halting all pipeline operations to contain the impact.

Under the supervision of the FBI, the company decided to pay the ransom demanded by the hacker group, which amounted to 75 bitcoins or approximately $4.4 million USD. The payment was made within several hours, and in return, the hackers provided an IT tool to restore the system. However, the tool’s processing time was lengthy, delaying the system’s recovery.

On May 9, the incident prompted the Federal Motor Carrier Safety Administration to issue a regional emergency declaration for 17 states and Washington, D.C., to ensure the continuity of fuel supply lines. Notably, this cyberattack marked the largest ever recorded on an oil infrastructure target in the United States.

Response to the Colonial Pipeline attack

On May 9, 2021, U.S. President Joe Biden declared a state of emergency in response to the Colonial Pipeline cyberattack. This declaration led to temporary suspensions of regular limits on the transportation of petroleum products by road, rail, and other means within the U.S. mainland.

Following the crisis, Georgia Governor Brian Kemp also declared a state of emergency on May 10. To alleviate some of the financial burden on motorists, the governor temporarily waived the collection of state taxes on motor fuels, including diesel and gasoline.

In the Southeastern region, panic buying of gasoline became a concern. In response, U.S. Transportation Secretary Pete Buttigieg and U.S. Energy Secretary Jennifer Granholm cautioned against gasoline hoarding on May 12. They emphasized that the United States was facing a “supply crunch” rather than a gas shortage.

To prevent dangerous practices during the fuel shortage, the U.S. Consumer Product Safety Commission issued a warning on May 12, advising people not to fill plastic bags with gasoline or use any containers not specifically designed for fuel storage.

On the same day, May 12, President Biden signed Executive Order 14028, which aimed to strengthen software security standards for sales to the government, enhance detection and security on existing systems, improve information sharing and training, establish a Cyber Safety Review Board, and bolster incident response capabilities. Additionally, the United States Department of Justice convened a cybersecurity task force with the goal of increasing prosecutions related to cyberattacks.

In an effort to bring the perpetrators to justice, the Department of State announced a reward of $10,000,000 for information leading to the arrest of members associated with the hacking group DarkSide, who were identified as responsible for the attack on the Colonial Pipeline.

The investigation of the Colonial Pipeline attack

Investigations led by the FBI and various media sources identified the hacking group DarkSide as the perpetrators of the attack. It was also discovered that the same group had previously stolen 100 gigabytes of data from the company’s servers a day before the actual malware attack.

On June 7, the Department of Justice reported that it had managed to recover 63.7 bitcoins from the ransom payment, equivalent to approximately $2.3 million.

This cyberattack gained significant attention as one of the first high-profile corporate attacks that likely started from a breached employee’s personal password, which was possibly obtained from the dark web, rather than a direct assault on the company’s systems.

The impact & fallout of the Colonial Pipeline attack

During the cyberattack on the Colonial Pipeline, the primary target of the hackers was the billing infrastructure of the company, while the actual oil pumping systems remained operational. CNN sources within the company revealed that the inability to bill customers was the reason for the pipeline operations being halted. As a precautionary measure, Colonial Pipeline shut down the pipeline due to concerns that the hackers might have obtained critical information that could potentially lead to further attacks on vulnerable parts of the pipeline. In the aftermath of the attack, the company was unable to confirm when the pipeline would fully resume normal functions.

The attackers also stole nearly 100 gigabytes of data and threatened to release it on the internet if their ransom demands were not met. In response, within hours after the attack, the company paid a ransom of nearly 75 Bitcoins (equivalent to $4.4 million USD) to the hackers in exchange for a decryption tool. However, the tool provided by the hackers was slow, and the company found that its own business continuity planning tools were more effective in restoring operational capacity.

On May 9, Colonial Pipeline announced its plans to substantially repair and restore the pipeline’s operations by the end of the week.

The pipeline shutdown caused fuel shortages at Charlotte Douglas International Airport, leading American Airlines to temporarily change flight schedules. Some flights had fuel stops or plane changes added to their itineraries for a four-day period. Hartsfield-Jackson Atlanta International Airport and several other airports directly serviced by the pipeline had to use alternative fuel suppliers to cope with the shortage.

Amid panic buying, fuel shortages began to occur at filling stations as the pipeline shutdown extended into its fourth day. Reports of shortages came from Alabama, Florida, Georgia, North Carolina, and South Carolina. Areas from northern South Carolina to southern Virginia were severely affected, with 71% of filling stations running out of fuel in Charlotte on May 11, and 87% of stations out in Washington, D.C., on May 14. As a result of the crisis, average fuel prices surged to their highest levels since 2014, exceeding $3 per gallon.

What is the Colonial Pipeline?

The Colonial Pipeline is a major oil pipeline system in the United States. It is one of the largest pipelines in the country, responsible for transporting gasoline, diesel, jet fuel, and other refined petroleum products from refineries in the Gulf Coast to destinations along the Eastern Seaboard, covering a distance of approximately 5,500 miles (8,850 kilometers).

The post What was the Colonial Pipeline ransomware attack of May 7, 2021? (with cited sources) appeared first on PROCODEGEN.


