A major US oil pipeline has been shut down because the company behind it has been hit by ransomware. There were already rumors that the Colonial Pipeline had been hit by a cyber attack, but the company now confirms that it is ransomware.
The Colonial Pipeline Company, which manages the oil pipeline of the same name, has itself confirmed that it was hit by ransomware on Friday, after rumors had circulated about it earlier this weekend. It is not known which ransomware is involved. Sources from NBC News say early signs indicate that this is the work of “regular” criminals and not an attack by another country such as Russia or Iran. Several sources tell the BBC that a Russian criminal organization called DarkSide is behind it. The group is said to have stolen 100GB of data from the company and to be threatening to leak it on the internet. DarkSide is a relatively new criminal organization and is not affiliated with the Kremlin.
The extent of the attack is also not yet fully understood. The Colonial Pipeline Company has taken parts of the IT network offline as a precaution. “This action caused the entire pipeline to be shut down and hit some IT systems. We are in the process of restoring them,” the company wrote. A plan has now been drawn up to restart the systems and the pipeline itself. The restart begins with small local systems and then moves on to the larger systems.
The security company FireEye is said to have been called in to help. Also, US authorities, including the Department of Energy and the FBI, are said to be ready to help.
The Colonial Pipeline is one of the most important parts of the US energy infrastructure. The pipeline is 8850 kilometers long and runs from the Texan coast on the Gulf of Mexico to the state of New Jersey. The pipeline carries 2.5 million barrels of oil per day, supplying nearly half of the US East Coast with oil.