Advertisement

Colonial Pipeline: What we know and what we don’t about the cyberattack

Click to play video: 'FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline' FBI: Russian hacker group to blame for ransomware attack on Colonial Pipeline
WATCH ABOVE: A vital pipeline carrying fuel along the U.S. East Coast - the Colonial Pipeline -- remains offline days after a critical ransomware attack brought its operations to a halt. The FBI now says a Russian hacker group known as DarkSide is responsible. As Jackson Proskow reports, it's the latest in a string of cyberattacks targeting American infrastructure – May 10, 2021

Ransom-seeking hackers have broken into Colonial Pipeline, prompting the company to shut one of America’s major arteries for fuel delivery.

Here is a look at what we know, and what we don’t, about one of the most disruptive digital shakedown efforts to hit a U.S. company.

WHO IS INVOLVED?

Alpharetta, Georgia-based Colonial Pipeline and the U.S. government have both blamed ransomware for the massive outage, pointing the finger at cybercriminal gangs who routinely hold data and computer networks hostage in exchange for digital currency payments.

Story continues below advertisement

Read more: Largest refined pipeline operator in U.S. shuts down network after cyberattack

Click to play video: 'Colonial Pipeline: White House gives update on cyberattack, says no current supply shortage' Colonial Pipeline: White House gives update on cyberattack, says no current supply shortage
Colonial Pipeline: White House gives update on cyberattack, says no current supply shortage – May 10, 2021

There is no official word on which group is believed to have carried out the intrusion – and attributing malicious activity online can be extremely difficult – but a former U.S. official and three industry sources told Reuters a group dubbed “DarkSide” was among the suspects. If so, that would lay the responsibility on a new but professional group of criminals believed to be operating out of the former Soviet republics.

Cybersecurity FireEye is involved with the incident response, according to three industry sources.

HOW BAD IS IT?

Ransomware can deal catastrophic damage to an organization’s network by locking away critical data or even wrecking computers beyond repair. But the effect on the actual nuts and bolts of energy companies’ operations varies.

Story continues below advertisement
Click to play video: 'U.S. Commerce secretary says cyber attacks on energy infrastructure ‘top priority’ after Colonial Pipeline impacted' U.S. Commerce secretary says cyber attacks on energy infrastructure ‘top priority’ after Colonial Pipeline impacted
U.S. Commerce secretary says cyber attacks on energy infrastructure ‘top priority’ after Colonial Pipeline impacted – May 9, 2021

A destructive cyberattack on Saudi Aramco in 2012 crippled the oil giant’s computer network but left production more-or-less unscathed. By contrast, a more recent ransomware incident at Norsk Hydro temporarily pushed the aluminum maker to switch away from automated production at its smelters.

Click to play video: 'Cyber security experts say ransomware data breach in health care sector is a lesson for everyone' Cyber security experts say ransomware data breach in health care sector is a lesson for everyone
Cyber security experts say ransomware data breach in health care sector is a lesson for everyone – Sep 29, 2020

Experts say the severity of the Colonial case will depend on whether the ransomware made its way into the company’s operational technology network, which interfaces with the pipeline itself. Earlier this year, U.S. government officials announced https://us-cert.cisa.gov/ncas/alerts/aa20-049a that an intrusion at an unnamed natural gas compression plant that spilled over into its operational technology network forced a two-day shut down of its entire pipeline.

Story continues below advertisement

Colonial has not given any public indication as to the reach of the ransomware outbreak, but Robert M. Lee, chief executive of cybersecurity firm Dragos, said he believed Colonial’s operations network was shut down proactively “to make sure that nothing spread into those systems.”

He said that will hopefully translate to “a temporary outage versus something that would be more sustained.”

Click to play video: 'Biden to meet with Putin over ransomware cyberattack on Colonial Pipeline' Biden to meet with Putin over ransomware cyberattack on Colonial Pipeline
Biden to meet with Putin over ransomware cyberattack on Colonial Pipeline – May 10, 2021

Read more: Ransomware demands double amid COVID-19, with health care industry a key target, report shows

WHAT HAPPENS NEXT?

U.S. government officials are working with Colonial to help it recover while scrambling to avoid more severe fuel supply disruptions should the outage continue.

Story continues below advertisement

Colonial’s pipeline network serves major U.S. airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest by passenger traffic, and experts say regional fuel supplies could be impacted if the pipeline stays shut.

Click to play video: 'Consumer Matters: Why your current password might not be enough to protect you from cyber criminals' Consumer Matters: Why your current password might not be enough to protect you from cyber criminals
Consumer Matters: Why your current password might not be enough to protect you from cyber criminals – May 6, 2021

“A one-to-two-day outage is really a minor inconvenience,” said Andrew Lipow, president of Lipow Oil Associates. But by day four or five, he said, “we could see a much greater widespread impact through large areas throughout the mid-Atlantic and the southeast.”

Whether the pipeline stays shut that long in turn depends on how deeply the hackers penetrated Colonial’s network – and how soon cybersecurity experts can pull them out.

Click to play video: 'How hackers can exploit vulnerabilities in Canadian companies' How hackers can exploit vulnerabilities in Canadian companies
How hackers can exploit vulnerabilities in Canadian companies – May 10, 2021

Sponsored content