Ransomware attack shuts down massive 5,500-mile pipeline that transports 45% of East Coast's fuel

Venustus

ALPHARETTA, Ga. -- The operator of a major pipeline system that transports fuel across the East Coast said Saturday that it had been victimized by a ransomware attack and that it had halted all pipeline operations to deal with the threat. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown of the pipeline, experts said.
Colonial Pipeline did not say what was demanded or by whom, but ransomware attacks are typically carried out by criminal hackers who seize data and demand a large payment in order to release it.
The attack on a pipeline operator, which says it delivers roughly 45% of all fuel consumed on the East Coast, underscored again the vulnerabilities of critical infrastructure to cyberattacks both by criminal hackers and U.S. adversaries. It presents a new challenge for an administration still grappling with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.
 

Stopspying

Reports about cyberattacks on critical national infrastructure are becoming more common, as we seemingly experience a higher degree of international cyber attacks (cyberwar?). I wonder how many unexplained power outages etc in the past were in fact the result of foreign interference, rather than some of the undisclosed/vague reasons provided afterwards.

When that massive container vessel blocked the Suez canal a few weeks ago it also brought home how key bits of the world's infrastructure are very vulnerable. The knock on effects that things like that can have on 'just in time' delivery systems that so many suppliers rely on is immense.
 

Paul.R

;) stick with the plan...all planned...
 

cruelsister

One thing that hasn't yet been mentioned by the news folks is that Colonial Pipeline utilizes the Supervisory control and data acquisition (SCADA) control system which is quite easy (kinda-sorta) to drop a rootkit on, so the fun may just be beginning.

Glad, though, that CP was wise enough to call in my old Flames from FireEye instead of the usual clowns from Symantec to investigate (just sayin').
 

plat

Unless it is established that there were insiders assisting the ransomware operators, I'm again inclined to blame the "victim." Was nothing learned from the SolarWinds attack?

Just another slack, greedy corporation, handing off the repercussions to the consumer in the form of higher gas prices and reduced supply. Stupid corporate fat-cats.
 

ForgottenSeer 69673

FireEye HAS GAINED a bunch of notice the past 5 years. They know what they are doing. Who done it? It is pretty obvious who in the world looks at this forum. Everyone!!! Cruel, it is good to see you again. How is them pretty feet?
 

Gandalf_The_Grey

We often think of those big hacks as some far off thing that has nothing to do with us.
This is my local gas station this morning. The one down the street has 2 dozen cars waiting on 4 pumps and it will be out soon. Reports from the area are this is widespread.
Gas stations along Southeast coast suffer fuel shortage amid pipeline shutdown
 

Stopspying

Critical infrastructure has long been flagged as prime targets for cyberattacks, be they criminal or nation state inspired. As mentioned in this thread history underlines this, especially recent history. The free market seems to be more about the bottom line and shareholder dividends than ensuring services are secure. We're not still in the primary school equivalent stage of learning about these threats as a society, so why does big business still get away with this head in the sand type behaviour?

If anyone is looking for a new career, learning how to prevent cyberattacks, preferably rather than defending against them, is a huge growth area.
 

Gandalf_The_Grey

President Joe Biden signs executive order to strengthen U.S. cybersecurity defenses:
Following the crippling ransomware attack on Georgia-based Colonial Pipeline, United States President Joe Biden has signed an executive order aimed at strengthening U.S. cybersecurity defenses. The company operates a 5,500-mile-long pipeline system that can carry 3 million barrels of fuel per day between Texas and New York. The attack has led to widespread fuel shortages along the East Coast and panic buying in the southeastern United States.

Ransomware attacks are usually carried out using a trojan, which then spreads malware that blocks and encrypts files on a device or network that results in the system becoming inaccessible in most cases. The attackers then threaten to publish the victim's data or perpetually block access to it unless a ransom is paid.

The FBI confirmed that it believes the DarkSide ransomware is responsible for the attack on Colonial Pipeline. DarkSide is a criminal group with origins in Russia.

The White House said it was directing a “comprehensive federal response” in light of the recent attack. President Joe Biden’s executive order takes a number of steps for modernizing the nation’s cybersecurity defenses which include upgrading to secure cloud services and other cyberinfrastructure. It also mandates the deployment of multifactor authentication mechanisms and encryption with a specific time period in place. Software developers are even required to share certain security data publicly.

Colonial announced in a press release that although it has started pipeline operations, it will take several days for fuel deliveries to return to normal levels. President Biden's Energy Secretary Jennifer Granholm also tweeted the update after a phone call with Colonial CEO Tim Felt.

Colonial Pipeline's use of outdated on-premises Exchange Servers seems to be a potential attack vector, but it has not yet been confirmed that this was indeed the security vulnerability that led to the latest attack. Microsoft's systems were also involved in the SolarWinds attack last year. Microsoft's President Brad Smith had described that cyberattack as "the largest and most sophisticated attack the world has ever seen."

Even though Microsoft has published many advisories about the importance of keeping on-premises Exchange Servers up to date, due to several vulnerabilities being exploited in the wild, many organizations have failed to do so, leading to devastating cyberattacks.
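The patch-hygiene point above (on-premises Exchange Servers left on old builds) is something an administrator can check rather than guess at. The script below is an added example, not code from the thread, from MalwareTips, or from Microsoft: it inventories every Exchange server in the organization and flags those whose installed build is below a minimum you set. It assumes it is run from the Exchange Management Shell with WinRM available to each server, and the minimum build numbers are placeholders that you must replace with the current patched build for your Cumulative Update from Microsoft's published Exchange build list.

```powershell
# Added example (not from the original thread). Flags on-premises Exchange servers
# running a build older than the expected patched build.
# Requires the Exchange Management Shell (Get-ExchangeServer) and WinRM to each server.

# PLACEHOLDER minimums per product line (15.1 = Exchange 2016, 15.2 = Exchange 2019).
# Replace with the build of the CU + Security Update you have actually deployed.
$MinimumBuild = @{
    '15.1' = [Version]'15.1.0.0'
    '15.2' = [Version]'15.2.0.0'
}

function Get-ExchangeInstalledVersion {
    param([Parameter(Mandatory)][string]$Server)
    # AdminDisplayVersion only changes with a Cumulative Update; Security Updates
    # bump the file version of ExSetup.exe, so read that from the server itself.
    Invoke-Command -ComputerName $Server -ScriptBlock {
        $exe = Get-Command 'ExSetup.exe' -ErrorAction Stop
        [Version]$exe.FileVersionInfo.ProductVersion
    }
}

function Get-ExchangePatchReport {
    foreach ($srv in Get-ExchangeServer) {
        try {
            $installed = Get-ExchangeInstalledVersion -Server $srv.Name
        } catch {
            $installed = $null   # unreachable server: report it, do not silently skip it
        }
        $line = if ($installed) { "$($installed.Major).$($installed.Minor)" } else { 'unknown' }
        $minimum = $MinimumBuild[$line]

        [PSCustomObject]@{
            Server       = $srv.Name
            AdminVersion = $srv.AdminDisplayVersion.ToString()
            FileVersion  = if ($installed) { $installed.ToString() } else { 'unreachable' }
            NeedsUpdate  = if ($installed -and $minimum) { $installed -lt $minimum } else { $true }
        }
    }
}

# Servers needing attention sort to the top.
Get-ExchangePatchReport | Sort-Object NeedsUpdate -Descending | Format-Table -AutoSize
```

Unreachable servers and servers on an unrecognized product line are reported as needing attention on purpose: a host you cannot verify should be treated as unpatched until someone confirms otherwise.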
 

CyberPanther

After a six-day outage, the top U.S. fuel pipeline on Thursday moved some of the first millions of gallons of motor fuels after a crippling cyberattack led to fuel shortages across East Coast states.

The Colonial Pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, said on Thursday it had begun supplying some fuel to most regions along its 5,500 mile (8,850 km) route. It will expand to areas including Baltimore by mid-day, it said.
Top U.S. fuel pipeline recovering from devastating ransomware attack
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top