
Colonial Pipeline Targets Recovery From Ransomware Attack by End of Week

After a ransomware attack forced Colonial Pipeline Company to proactively shut down operations of the largest refined products pipeline in the United States, the company is scrambling to get systems back to normal operating capacity.

The ransomware attack, which the FBI has confirmed involved the DarkSide ransomware, prompted the company to halt all pipeline operations on Friday.

Although some smaller lateral lines were brought back into service on Sunday, the pipeline's core lines remain shut down; the company hopes to be back to normal operational capacity by the end of this week.

“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said in an update Monday afternoon.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach. This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”

Colonial did not say if it had made a ransom payment to the cybercriminals behind the attack.

The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey. 

"While all the details of the attack are yet to be made public, it appears that this is a ransomware attack that landed on the IT network," Nick Cappi, Cyber Vice President, Portfolio Strategy and Enablement at Hexagon, told SecurityWeek in an emailed statement. "In an abundance of caution, Colonial shut down some or all of the industrial control systems to prevent the attack from spreading to these devices. Assuming they are able to isolate the attack and bring the control systems back online within a few days, this will be a shining example of a company’s ability to respond to and mitigate an attack. If they are unable to bring the control systems (and the pipeline) back online within a few weeks, the Northeast of the United States will likely see a steep increase in fuel prices and perhaps shortages and rationing."

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.