Operator reportedly paid ransom of US$4.4m
AFTER a five-day shutdown, operator Colonial Pipeline Company (CPC) restarted operations at its major US fuel pipeline system, having reportedly paid a US$4.4m ransom to cyber attackers.
The Colonial Pipeline spans more than 5,500 miles (8,047 km) and is the largest refined products pipeline in the US, delivering products such as gasoline, diesel, and jet fuel. Supplying the US East Coast, it transports 2.5m bbl/d of fuel, accounting for about 45% of East Coast supplies.
CPC insists that on learning of the attack on 7 May it took “certain systems” offline to contain the threat, halting all pipeline operations and affecting some IT systems. However, conflicting reports in the New York Times state that events appear to have unfolded over several days.
CPC has reportedly engaged a cybersecurity company – FireEye – which has launched an ongoing investigation into the incident. US law enforcement and other federal agencies are also investigating.
The shutdown led to fuel shortages and panic buying, with consumers worried about a prolonged reduction in supply.
The FBI has confirmed that an outfit calling itself “DarkSide” created the ransomware used in the attack. DarkSide provides ransomware and related infrastructure to third parties to extort targets. It’s reported that whilst CPC had previously told Reuters it had no intention of paying the ransom, CPC CEO Joseph Blount later admitted in the Wall Street Journal to authorising a US$4.4m payout. This followed reports that the company had paid the hackers about US$5m to enable restart. Reportedly, DarkSide had collected US$90m in ransom over the past nine months, in cryptocurrency wallets that were emptied and shut down following the Colonial Pipeline attack.
Though its four main lines were mostly offline following the attack, CPC announced on 9 May that smaller lateral lines between terminals and delivery points were operational. On 10 May, it added that segments were being brought back online in a stepwise fashion. That same day, CPC announced that Line 4 – which runs through North Carolina and Virginia – was operating under manual control for a limited period.
To keep fuel moving while its pipeline was offline, CPC worked with shippers to deliver 967,000 bbl (as of 11 May), and in preparation for restart it took delivery of an additional 2m bbl from refineries to deploy upon restart.
On 12 May, as it announced restart, CPC said it had put additional security measures in place to protect its pipeline and would not have initiated restart if it did not deem it safe to do so.
As part of startup, CPC said it would be conducting pipeline safety assessments in compliance with all federal pipeline safety requirements.
This article is adapted from an earlier online version.