Ransomware Attack Shuts Down Major U.S. Pipeline Operator

This weekend, U.S. pipeline operator Colonial Pipeline shut down its entire network due to one of the largest cyber-attacks in American infrastructure history.

Colonial Pipeline is one of the largest pipeline operators in the U.S. and operates pipelines that transport gasoline, diesel fuel and natural gas along more than 5,000 miles from Texas to New Jersey, making up approximately 45% of all fuel consumed on the East Coast. DarkSide, an Eastern European-based criminal organization, is the primary suspect according to U.S. officials, but that has not yet been confirmed.

In an official statement published on their website, Colonial Pipeline stated:

"On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies."

The Biden Administration has been vocal about bolstering the nation’s cybersecurity efforts and is reportedly taking an all-hands-on-deck approach to the situation. Eric Goldstein, Executive Assistant Director of the CISA Cybersecurity division, commented on the attack:

"This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats."

While there is no ETA for service restoration and no sign this disruption will have an immediate effect on the fuel markets, there is concern that a prolonged shutdown could eventually impact gas supplies and prices – especially with many parts of the country lifting COVID-19 restrictions and the existing discussion around potential fuel shortages this summer.

This attack joins the growing list of high-profile ransomware attacks over the last year, and is part of a concerning trend of ransomware gangs targeting companies in the industrial sector because of their willingness to pay and, in many cases, to not report the incident publicly. In fact, CISA released an official warning on ransomware threats last year specifically for pipeline operators following an attack on a natural gas compression facility that caused a two-day shutdown.

The Schneider Downs cybersecurity team has experience working with several clients in the oil and gas industry, with our red team working with multiple SCADA systems. We know firsthand how dangerous controls like these can be in the wrong hands, and while this case is simply financially motivated, there are many instances where hacktivist groups and foreign bodies are simply looking to send a message through cyber-attacks.

Regardless of how the Colonial Pipeline situation is resolved, cybersecurity experts agree that attacks on critical infrastructure in the public and private sector will only continue to grow until organizations can build defenses to keep pace with the ransomware epidemic.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
