The biggest petroleum pipeline between Texas and New York is in the fourth day of a shutdown in response to a ransomware attack.
Colonial Pipeline, which supplies around 45% of the oil that serves 50 million Americans across the East Coast, has not yet stated when it plans to reopen.
The shutdown may boost oil prices in the near future, and it’s another example of the need for increased cybersecurity measures across essential US infrastructure.
The Hackers Just Want Money
The Georgia-based Colonial Pipeline shut down on Friday and revealed that they had suffered a ransomware attack on Saturday. Apparently, a hacker group had accessed their network, shutting down multiple computers and servers to lock up nearly 100 gigabytes of data, which they would only release when paid a ransom.
The cloud computing system was taken offline on Saturday, seemingly preventing the hackers from transferring the data for further extortion. The group presumed responsible: DarkSide, a group of seasoned ransomware hackers.
While they haven’t claimed credit for the ransomware attack by name, the group released a statement on Monday that seems to be a response, saying that they are “apolitical” and their goal is simply “to make money.”
DarkSide ransomware gang, which shut down the largest oil pipeline in the U.S., posted a notice that their only goal was money. pic.twitter.com/uZUkWz6rpi
— Fusion Intelligence Center @ StealthMole (@stealthmole_int) May 10, 2021
Some outlets have noted that DarkSide operates using a “ransomware as a service” business model — they develop the software needed for ransomware and sell them to a third party that actually carries out the attack itself.
If that’s the case, DarkSide is indirectly responsible, leaving open the possibility that another party entirely is involved.
How Did It Happen?
Colonial has been pretty tight-lipped about the details so far — lack of transparency is an understandable but harmful response to ransomware attacks, and part of what makes them a frequent recurring threat, with attacks costing US companies $7.5 billion in 2019 alone.
London-based cybersecurity firm Digital Shadows has speculated that work-from-home pandemic responses may have left remote-access points for the pipeline controls open to exploitation, with DarkSide able to potentially buy login details for remote desktop software.
If that’s the case, password managers and trusted VPNs could go some ways toward reducing the likelihood of future password leaks, though they won’t eliminate the risk entirely.
It Could Impact Oil Availability and Prices
While Colonial stated on Sunday that it had restarted smaller lines connecting fuel terminals to customer delivery points, the main lines are still off.
The southeastern United States will be the first to be impacted by gas shortages, and prices have indeed increased at retail pumps in response to the news. These price hikes are driven entirely by fears of a higher demand rather than a higher demand itself:
“My biggest concern, as far as the consumer goes, is that you end up with a run on the gasoline supplies at the gas station, further exacerbating what is happening at the terminals,” Andrew Lipow, president of consultants Lipow Oil Associates LLC, told Reuters.
Nationwide averages remained steady at $2.96 a gallon from Saturday to Sunday, and given the lack of physical damage to the pipeline, a quick recovery with minimal disruption seems likely.
Another impact? Waived regulations for the truck drivers responding to the crisis. The FMCSA has suspended hours of service (HOS) for fuel haulers across 17 states. This exempts anyone hauling gasoline, diesel, jet fuel, and other refined petroleum products from the standard limits on the number of hours in a row that they drive — a safety regulation that would otherwise be enforced via ELD tracking devices mandated in every commercial vehicle fleet in the US.
The goal is to limit disruptions and the economic ripples that would result from the 5,500-mile pipeline’s shutdown, though it seems unlikely that those disruptions can be avoided entirely.
No matter how quickly the ransomware situation is resolved, the entire ordeal remains an example of how critical infrastructure in the US remains vulnerable to cyberattacks from bad actors.