Larger pipelines still down, some smaller pipelines restored
Colonial Pipeline Co. is in its third day of recovering from a severe ransomware attack on its network and control systems. The company’s refined fuel pipelines were disabled after a successful ransomware attack infiltrated its corporate IT systems. The fuel transporter moves refined fuel from the Gulf of Mexico to the East Coast of the United States. Colonial was forced to take IT systems offline after the ransomware successfully compromised them.
Although a forensic investigation has yet to reveal the details, it is believed that the DarkSide ransomware gang is responsible for attacking Colonial Pipeline.
Colonial Pipeline supplies gasoline, heating oil, aviation jet fuel, and diesel fuel to the East Coast of the United States. The company’s 5,500 miles of pipelines transport about 45% of refined petroleum products sent to the East Coast of the United States.
At this time it is unknown how the attackers gained access to Colonial Pipeline’s IT network.
“In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems,” says the statement from Colonial Pipeline Co.
Ransomware is a type of malicious computer code – called malware – that infects a computer or an entire IT network. It takes control of infected devices and computer networks as well as the data they contain. The cybercriminals who use ransomware hold the devices, networks, and all the information on them hostage unless their ransom demands are met.
The DarkSide ransomware gang typically attempts to leverage data exfiltrated during a ransomware attack to demand large sums of ransom – typically millions of dollars.
Last year, the cybercriminals behind DarkSide ransomware attacked a publicly traded Toronto-based company. The cybercriminals exfiltrated 200 gigabytes of data. The sensitive stolen employee files included banking information, payroll data, as well as business plans.
In March of this year, the REvil ransomware gang successfully attacked computer manufacturer Acer. The cybercriminals demanded a record-setting $50,000,000 in ransom.
In February, Kia Motors America was attacked by the DoppelPaymer ransomware gang. The attackers demanded USD $20 million to relinquish control of Kia’s corporate IT system. The attackers had also breached Hyundai Motor America.
Attackers often take advantage of security flaws in unpatched operating systems, hardware, or apps. They may also take over a system by sending highly targeted phishing emails to corporate employees in attempts to steal their login credentials.
Corporate phishing attacks can be exceptionally successful and highly damaging to any company.
Cybercriminals often exploit the fact that many people reuse the same password and login credentials over and over, across multiple online accounts. If the attackers are able to hack into an Instagram account, they can often use the same credentials to gain access to corporate Microsoft Office accounts, sensitive human resources data, payroll data, or banking credentials, to name just a few examples.
Using a password app to create and maintain a unique password for all of your online accounts is one of the best ways to protect your private information as well as your workplace login credentials.
Colonial Pipeline Co. says it has restored smaller pipelines that ship fuel to the U.S. East Coast, but larger ones are still offline due to the ransomware attack.
Feds Issue Emergency Declaration
The US Federal Motor Carrier Safety Administration (FMCSA) has issued an Emergency Declaration which affects seventeen U.S. states as well as the District of Columbia. This declaration relaxes safety regulations that pertain to commercial motor carriers, making it easier for them to transport fuel during this extreme situation.
The Federal Emergency Declaration will expire at the end of the day on June 8 or when the emergency state is ended by FMCSA.
The states and jurisdictions covered by the Emergency Declaration are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.
Cybersecurity firm FireEye has been contracted to help Colonial get its systems back online. According to the statement from Colonial, IT systems and pipelines will be restarted in a stepwise fashion to ensure all systems are clear of ransomware.
FireEye itself was the recent victim of a damaging cyberattack. The infamous SolarWinds cyberattack infiltrated about 18,000 IT networks worldwide including FireEye itself. Victims included several US Federal government agencies, enterprise corporations, and the systems of governments abroad.
Russian cybercriminals were able to infiltrate government IT systems because of the use of an extremely weak password. The shamefully weak password, “solarwinds123”, was left on a GitHub account that was visible to the public.
Russia has denied all responsibility for the SolarWinds attack.
“Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time,” said Colonial.