Colonial Pipeline Ransomware Attack Shows 'Fear Fast Becoming Reality'

Last week’s Colonial Pipeline ransomware attack shut down a major U.S. fuel pipeline. It could potentially push gas prices higher and disrupt supply in the eastern United States.

Russian cybercrime group Darkside carried out the attack. In response, the U.S. Department of Transportation issued an emergency declaration to increase alternative transportation routes for oil and gas.

Colonial Pipeline is the largest refined products pipeline in the United States.

Restoration Expected by End of Week

On Saturday, Colonial Pipeline said it proactively took certain systems offline to contain the threat. This temporarily halted all pipeline operations and affected some of its IT systems.

“To restore service, we must work to ensure that each of these systems can be brought back online safely,” Colonial Pipeline said on Monday. “While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach. This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week. The company will provide updates as restoration efforts progress.”

In addition, FireEye has confirmed its Mandiant incident response division is investigating the nature and scope of the ransomware attack. It hasn’t released any further information regarding its work with Colonial Pipeline.

Critical Infrastructure Updates Necessary

Shared Assessments’ Tom Garrubba

Tom Garrubba is CISO at Shared Assessments. He said numerous agencies for years have been calling for an update to critical infrastructure; however, the time for initial action has long passed.

“The evidence is clear: We are under attack by both rogue and state-sponsored organizations, and the cyber community along with the general public have taken notice and are getting very worried,” he said. “Any company, whether primary or downstream providing support to our country’s national infrastructure, needs to take a good, hard look at the systems supporting those processes and ask themselves, ‘Can we be next? Do we need to update our systems? Do we need assistance to support and secure these systems?’ And if so, petition their corporate boards and owners for the requisite financial support in upgrading and securing these systems.”

Scroll through our slideshow above for more reactions to the Colonial Pipeline ransomware attack.