How did the Colonial Pipeline Attack Occur?

Last week, the east coast was shocked by news of a ransomware attack on the Colonial Pipeline. This attack left entire towns without gas and caused widespread panic purchasing. From everything we know, this attack was perpetrated by a group called DarkSide – notorious for targeting the industrial sector and disrupting services. The attackers managed to get encrypted data into Colonial's network, which locked the business out of crucial parts of its operations – forcing it to shut down the pipeline for approximately 2 days.

European Hacking Group - DarkSide

DarkSide is a group of hackers that are likely based in Russia. DarkSide has conducted this type of hack within the same industrial sector before. Earlier this year they reportedly hacked two Brazilian state-owned electric and utility companies, Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel). Attacking these companies is no coincidence. Over the past several years, concerns have been rising about the energy sector and other critical services being underprotected from cybersecurity threats. Groups like DarkSide target these organizations because they realize that disrupting a major service will likely force the organization to pay the ransom – and quickly.

What effect does this have on

  • Shut down the pipeline for a couple days
  • Left major portions of the east coast without access to gas
  • Caused major panic within the region which led to people hoarding gas
  • Increased prices to the highest they have been in six and a half years
  • Cost the pipeline five million dollars in ransom money

The Federal Government Got Involved

President Joe Biden was briefed on this situation on Monday following the ransomware attack. Very rarely do these sorts of attacks make national news and reach the highest power in the United States, but this attack did. Why? Because this attack exemplified just how devastating a ransomware attack can be at the highest levels. Often, these sorts of attacks will affect a single business and its clientele but have very little effect on the country. In this case, Colonial was forced to shut down over 5,500 miles of pipeline and left millions of Americans without access to gas – meriting a message from the President of the United States.

Since this attack, President Biden has issued an executive order that will:

  • Require IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks
  • Standardize a federal response playbook and set of definitions for cyber incidents
  • Pressure the federal government to upgrade to secure cloud solutions and other cyber infrastructure
  • Require Multi-Factor Authentication and encryption at the federal level
  • And more...

The business cost for Colonial Pipeline

Colonial Pipeline took a major hit after this attack became public and was announced at a federal level. They were forced to shut down over 5,500 miles of pipeline – cutting off huge regions of the east coast from access to gas. They were nearly forced to pay a five-million-dollar ransom to decrypt the encrypted systems. They were completely shut down for two days, costing them additional operations spend without generating revenue.

We understand it is easy to put off investigating your security health, but doing so could cost your business money, time, and its reputation. If your organization is interested in addressing possible gaps in your IT security, please contact our team. We are happy to help identify and remediate any issues your network may have.