Colonial Pipeline taken down by ransomware

By Dylan Bushell-Embling
Monday, 10 May, 2021

One of the world’s largest fuel pipeline operators, US-based Colonial Pipeline Company, has been forced to shut down its pipeline operations in response to a ransomware campaign that experts believe could be one of the world’s most damaging.

Colonial Pipeline Company learned it was a victim of a ransomware attack on Friday, and responded by taking certain systems offline to contain the threat, the company said in a statement.

These actions temporarily halted all pipeline operations across the US. Colonial Pipeline said it has started the process of restoring its pipelines, and while its mainlines remain out of commission, some smaller lateral lines between terminals and delivery points are now operational.

The company has engaged a third-party cybersecurity firm to investigate the nature and scope of the ongoing attack.

Illumio CEO Andrew Rubin said the event could prove to be “the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe”.

He said such ransomware attacks are a recurring nightmare for organisations. “Organisations continue to rely and invest entirely on detection as if they can stop all breaches from happening,” he said.

Meanwhile, Claroty Chief Product Officer Grant Geyer said the incident will be only a teaser of the future of cyber attacks.

“As cybercriminals and foreign adversaries seek opportunities for financial gain and power projection, critical infrastructure is an easy target,” he said.

“Industrial environments are operating with infrastructure that commonly maintains obsolete technology that can’t be patched, and staff that frequently are not as cyber savvy as they need to be to keep attackers at bay. This leads to a situation where cybersecurity risk levels are below acceptable tolerances, and in some cases organisations are blind to the risk.”

Image credit: ©stock.adobe.com/au/Kalyakan