Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Colonial Pipeline Initiates Restart of Pipeline Operations After Ransomware Attack

Colonial Pipeline

Colonial Pipeline

Days after it was forced to shut down after falling victim to a ransomware attack last Friday, the Colonial Pipeline initiated a restart of pipeline operations Wednesday at approximately 5 PM ET.

“Following this restart, it will take several days for the product delivery supply chain to return to normal, a company spokesperson told SecurityWeek in a statement. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”

The attack, which involved the DarkSide ransomware, had significant implications, including states declaring a state of emergency, temporary gas shortages sparked by panicked motorists stocking up over fears of gas shortages caused by the hack, and gas prices rising.

Darkside has been linked to Russia, but the hackers said they only wanted to make a profit and denied any government ties. The Russian government has officially denied any involvement, but U.S. President Joe Biden said Moscow does have “some responsibility to deal with this.”

The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey. 

Earlier today it was reported that an outside audit conducted three years ago on the Colonial Pipeline found “atrocious” information management practices and “a patchwork of poorly connected and secured systems.”

“Industrial environments are operating with infrastructure that commonly maintains obsolete technology that can’t be patched, and staff that frequently are not as cyber savvy as they need to be to keep attackers at bay,” Grant Geyer, Chief Product Officer at Claroty, told SecurityWeek in commentary on the hack. “This leads to a situation where cyber security risk levels are below acceptable tolerances, and in some cases organizations are blind to the risk.”

The restart of Colonial’s pipeline operations happened within minutes of the White House announcing that President Joe Biden signed an executive order designed to strengthen U.S. cybersecurity.

Advertisement. Scroll to continue reading.

Related: Industry Reactions to Ransomware Attack on Colonial Pipeline

Learn More About ICS Security at SecurityWeek’s ICS Cyber Security Conference

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.