Catch Of The Week: Ransomware Shuts Down U.S. Pipeline

Los Alamos

Colonial Pipeline, one of the top U.S. fuel pipeline operators, shut down its entire network, affecting the pipeline that supplies nearly half of the U.S. East Coast’s fuel supply after a cyber-attack involving ransomware.

Just how bad is this? Well, Memorial Day and the summer driving season are coming up in a matter of weeks. So depending on how long this shutdown lasts, it could cause prices to spike at gasoline pumps ahead of the peak summer driving season.

2.5 million barrels of gasoline, diesel, jet fuel, and other refined products are transported through 5,500 miles of pipelines every day by Colonial’s pipeline systems. The pipeline moves products from refiners on the Gulf Coast to the eastern and southern U.S. It also serves some of the country’s largest airports.

Who is behind this attack? Contrary to popular belief, it probably wasn’t some dude in a black hoodie. Instead, according to Reuters and other sources, the attack was likely executed by a professional cybercriminal group, possibly a group known as “DarkSide”. Colonial has reportedly engaged FireEye to assist them with incident response and recovery to this event. Details are scarce, but the fact they had to shut down the entire network is worrisome.

Quick refresher – what is ransomware? Ransomware is a type of malware that encrypts all the files on a user’s computer. The attacker then demands the user pay a ransom to get the key to decrypt their files. These attacks affect everyone, from individuals up to multi-national companies. Ransoms can range from a few hundred dollars up to millions of dollars, usually payable in Bitcoin.

How do these attacks get in? One of the most common methods is the phishing email attack. Using social engineering techniques, attackers will get the malware on the user’s system via an email with a malicious attachment or a phishing link that redirects the user to a malware download.

Ransomware attacks continue to be a massive problem for businesses and individuals, and attacks are on the rise. According to the 2021 SonicWall Cyber Threat Report, ransomware attacks have increased 158 percent in the U.S. since 2019 and up 62 percent globally. Additionally, according to the research from Palo Alto Networks, the average payment following a ransomware attack in 2020 went up 171 percent to $312,493 compared to $115,123 in 2019. The reason these attacks continue to be a considerable problem is their incredible profitability.

The attack on Colonial Pipeline is one of the most disruptive ransomware attacks the U.S., and likely the world, have ever seen. Rob Lee, CEO of Dragos, was quoted in an article in Wired magazine as saying, “This is the largest impact on the energy system in the United States we’ve seen from a cyberattack, full stop.”

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

LOS ALAMOS website support locally by OviNuppi Systems