Colonial Pipeline ransomware attack

Date:
  • May 6, 2021 (data stolen)[1]
  • May 7, 2021 (malware attack)
  • May 12, 2021 (pipeline restarted)
Location: United States
Type: Cyberattack, data breach, ransomware
Target: Colonial Pipeline
Suspects: DarkSide[2][3]

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that afflicted the computerized equipment managing the pipeline.[4][5][6] The Colonial Pipeline Company halted all pipeline operations to contain the attack.[7][8][9][10] Under FBI oversight, the company paid the ransom demanded by the hacker group (75 bitcoin, or $4.4 million USD) within several hours;[11][12] upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool required a very long processing time to restore the system to a working state.[12]

The Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open on May 9.[13] It was the largest cyberattack on an oil infrastructure target in the history of the United States.[2] The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party.[14] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[1]

On June 7, the Department of Justice announced that it had recovered 63.7 of the 75 bitcoins (about 84% of the original payment) from the ransom,[15] but because the value of Bitcoin had crashed in late May,[16] the recovered bitcoins were worth only around $2.3 million USD,[15] roughly half of their original value.

This was one of the first high-profile corporate cyberattacks that began with a breached employee's personal password, likely found on the dark web, rather than with a direct attack on the company's systems.[17]
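The entry vector described above, a password already exposed in an earlier breach, is the case that breached-password screening exists to catch: a credential is rejected at the point of enrollment if it is already known to attackers, so a leaked personal password cannot be reused for corporate access. The following is an added example, not part of the article and not Colonial Pipeline's or DarkSide's code. It implements the k-anonymity range-lookup scheme used by the Have I Been Pwned "Pwned Passwords" API (client sends only the first 5 hex characters of the SHA-1 digest and compares the returned suffixes locally), but against a small constructed corpus with made-up counts; `range_lookup` stands in for the remote query and the function names and the `min_length` policy are assumptions for the example.

```python
"""Screen a candidate password against a corpus of known-breached password
hashes without revealing the full hash to the lookup service.

Added example, not part of the article. The corpus below is constructed for
illustration; it is not real breach data and the counts are invented.
"""
import hashlib
from collections import defaultdict

# Constructed sample corpus: weak passwords mapped to made-up breach counts.
# In a real deployment this would be the HIBP data set or an internal list.
_SAMPLE_BREACHED = {
    "password": 9_545_824,
    "123456": 37_359_195,
    "qwerty": 3_912_816,
    "Colonial2021!": 3,   # constructed: a site-themed password seen a few times
}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, matching the range API's encoding."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached: dict) -> dict:
    """Index the corpus as 5-char prefix -> {35-char suffix: count}."""
    index = defaultdict(dict)
    for pw, count in breached.items():
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(_SAMPLE_BREACHED)


def range_lookup(prefix: str) -> dict:
    """Stand-in for the remote range query: only the 5-char prefix leaves the client.

    Returns every breached suffix that shares the prefix, so the service learns
    only which 1/16^5 slice of the hash space the password falls in.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return RANGE_INDEX.get(prefix.upper(), {})


def breach_count(password: str) -> int:
    """Return how many times the password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # The comparison against the returned suffixes happens locally.
    return range_lookup(prefix).get(suffix, 0)


def is_acceptable(password: str, min_length: int = 12) -> tuple:
    """Enrollment policy (assumed): reject breached passwords first, then enforce length."""
    count = breach_count(password)
    if count > 0:
        return False, f"rejected: appears in breach corpus {count} times"
    if len(password) < min_length:
        return False, f"rejected: shorter than {min_length} characters"
    return True, "accepted"


if __name__ == "__main__":
    for candidate in ["password", "Colonial2021!", "correct horse battery staple"]:
        print(candidate, "->", is_acceptable(candidate))
```

Screening at enrollment and at password change is the control; it does not help with credentials that were created before screening was introduced unless existing hashes are re-checked, and it is a complement to, not a substitute for, multi-factor authentication on remote access.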

  1. ^ a b Robertson, Jordan; Turton, William (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News. Archived from the original on May 9, 2021. Retrieved May 9, 2021.
  2. ^ a b Gonzalez, Gloria; Lefebvre, Ben; Geller, Eric (May 8, 2021). "'Jugular' of the U.S. fuel pipeline system shuts down after cyberattack". Politico. Archived from the original on May 9, 2021. Retrieved May 9, 2021. The infiltration of a major fuel pipeline is "the most significant, successful attack on energy infrastructure we know of."
  3. ^ Helmore, Edward (May 10, 2021). "FBI confirms DarkSide hacking group behind US pipeline shutdown". The Guardian. Archived from the original on May 12, 2021. Retrieved May 10, 2021.
  4. ^ Bing, Christopher; Kelly, Stephanie (May 8, 2021). "Cyber attack shuts down top U.S. fuel pipeline network". Reuters. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  5. ^ Segers, Grace (May 8, 2021). "Cyberattack prompts major pipeline operator to halt operations". CBS News. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  6. ^ Peñaloza, Marisa (May 8, 2021). "Cybersecurity Attack Shuts Down A Top U.S. Gasoline Pipeline". NPR. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  7. ^ Sanger, David; Krauss, Clifford; Perlroth, Nicole (May 8, 2021). "Cyberattack Forces a Shutdown of a Top U.S. Pipeline". New York Times. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  8. ^ Eaton, Collin; Volz, Dustin (May 8, 2021). "U.S. Pipeline Cyberattack Forces Closure". Wall Street Journal. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  9. ^ Stracqualursi, Veronica; Saenz, Arlette; Sands, Geneva (May 8, 2021). "Cyberattack forces major US fuel pipeline to shut down". CNN. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  10. ^ Romero, Dennis (May 8, 2021). "Colonial Pipeline blames ransomware for pipeline shutdown". NBC News. Archived from the original on May 8, 2021. Retrieved May 8, 2021.
  11. ^ Marquardt, Alex; Perez, Evan; Cohen, Zachary (June 7, 2021). "First on CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers". CNN. Retrieved July 16, 2023.
  12. ^ a b Turton, William; Riley, Michael; Jacobs, Jennifer (May 12, 2021). "Colonial Pipeline Paid Hackers nearly $5 Million in Ransom". Bloomberg.
  13. ^ Falconer, Rebecca (May 10, 2021). "Emergency declaration issued in 17 states and D.C. over fuel pipeline cyberattack". Axios. Retrieved May 10, 2021.
  14. ^ Javers, Eamon (May 10, 2021). "Here's the hacking group responsible for the Colonial Pipeline shutdown". CNBC. Archived from the original on May 10, 2021. Retrieved May 11, 2021.
  15. ^ a b Mallin, Alexander; Barr, Luke (June 8, 2021). "DOJ seizes millions in ransom paid by Colonial Pipeline". ABC News. Retrieved July 16, 2023.
  16. ^ Morrow, Allison (May 22, 2021). "A crypto crash wiped out $1 trillion this week. Here's what happened". CNN. Retrieved November 29, 2023.
  17. ^ Turton, William; Mehrotra, Kartikay (June 4, 2021). "Hackers Breached Colonial Pipeline Using Compromised Password". Bloomberg. Retrieved August 25, 2022.