On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomwarecyberattack that afflicted computerized equipment managing the pipeline.[4][5][6] The Colonial Pipeline Company halted all pipeline operations to contain the attack.[7][8][9][10] Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours;[11][12] upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.[12]
The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open on May 9.[13] It was the largest cyberattack on an oil infrastructure target in the history of the United States.[2] The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.[14] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[1]
On June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins (about 84% of the original payment) from the ransom payment,[15] but due to a crash in the value of Bitcoin in late May,[16] the recovered bitcoins were worth only around $2.3 million USD,[15] roughly half of their original value.
This was one of first high profile corporate cyber attacks which started from a breached employee personal password likely found on the dark web rather than a direct attack on the company's systems.[17]