(WAPO)
A ransomware attack caused a major East Coast fuel pipeline operator to shut down its entire network on Friday, according to two U.S. officials familiar with the matter.
The attack on top U.S. operator Colonial Pipeline appears to have been carried out by DarkSide, an Eastern European-based criminal gang, and federal officials and the private security firm Mandiant are still investigating the matter, said one official and another person familiar with the matter.
Colonial Pipeline said in a statement on Friday that it had temporarily shut down all its pipeline operations after being hit by a cyber attack. It said it had notified law enforcement and other federal agencies.
Colonial’s 5,500 miles of pipelines carry fuel from refineries on the Gulf Coast to customers in the southern and eastern United States. It says it transports 45 percent of the fuel consumed on the East Coast, reaching 50 million Americans.
The company learned of the attack on some of its “information technology” or corporate network systems Friday, but “proactively took certain systems offline to contain the threat,” it said. In addition to contacting federal officials and law enforcement, it has also hired a cybersecurity firm to investigate the incident.
The company did not immediately respond to a request for comment on U.S. officials saying it was a ransomware attack.
The U.S. officials and experts in industrial control security said such attacks are more common than publicly known and that most just do not get reported.
“There are absolutely cases in industrial operations where ransomware impacts operations,” said Robert M. Lee, CEO and cofounder of Dragos, a major cybersecurity firm that handles incidents in the industrial control sector. “Oftentimes, though, that impact isn’t the impact that gets news media attention. They may not be to the level that this case is, but there are lots of industrial control companies that are battling ransomware around the United States.”
The trend “exploded” in the last three years after the WannaCry and NotPetya computer worms showed cyber criminals how targeting operational and industrial control systems is “more likely” to make companies pay out, Lee said. Most of the cases he’s seen in the United States have been conducted by criminals, not foreign governments, he said.
“The last few years have been incredibly busy” because the proliferation of vulnerabilities in firewalls and virtual private networks has allowed ransomware criminals to gain access to networks at an unprecedented scale, he said.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and a former computer scientist at the National Security Agency, said the shutdown of pipeline infrastructure indicated that the attack was either very sophisticated or that Colonial’s systems were not well secured.
Colonial did not immediately respond to a request for comment on the suggestion that its systems were not well secured.
“This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack,” Chapple said.
Prices for refined oil products are slumping on the Gulf Coast because of the shutdown. Analysts say that depending on how long the pipelines are out of service, prices for gasoline and jet fuel could rise in the New York area, as they did in 2017 when a hurricane forced a shutdown. As of now, with demand down and storage capacity around New York fairly full, analysts do not expect an immediate impact.