Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Colonial Pipeline Targets Recovery From Ransomware Attack by End of Week

After a ransomware attack forced Colonial Pipeline Company to proactively shut down operations of the largest refined products pipeline in the United States, the company is scrambling to get systems back to normal operating capacity.

After a ransomware attack forced Colonial Pipeline Company to proactively shut down operations of the largest refined products pipeline in the United States, the company is scrambling to get systems back to normal operating capacity.

The ransomware attack, which the FBI has confirmed to be the Darkside ransomware, triggered the company to halt all pipeline operations on Friday.

After resuming the services of a smaller lateral lines on Sunday, the pipeline’s core lines are still shut down, but the company hopes to be back to normal operational capacity by the end of this week.

“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said in an update Monday afternoon.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach. This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.” 

Colonial did not say if it had made a ransom payment to the cybercriminals behind the attack.

The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey. 

“While all the details of the attack are yet to be made public, it appears that this is a ransomware attack that landed on the IT network,” Nick Cappi, Cyber Vice President, Portfolio Strategy and Enablement at Hexagon, told SecurityWeek in an emailed statement. “In an abundance of caution, Colonial shut down some or all of the industrial control systems to prevent the attack from spreading to these devices. Assuming they are able to isolate the attack and bring the control systems back online within a few days, this will be a shining example of a company’s ability to respond to and mitigate an attack. If they are unable to bring the control systems (and the pipeline) back online within a few weeks, the North East of the United States will likely see a steep increase in fuel prices and perhaps shortages and rationing.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...