A major ransomware attack on Colonial Pipeline, an Alpharetta, Georgia-based petroleum company that supplies gasoline, diesel and jet fuel, caused it to temporarily shut down 5,500 miles of pipe along the Gulf Coast. The company, which is one of the most important U.S. pipelines and carries the tagline of “America’s Energy Lifeline,” transports 2.5 million barrels of fuel per day between the Port of New York and New Jersey and Houston, and is responsible for providing 45 percent of fuel supply for the U.S. East Coast, writes The New York Times. The attack heightened concerns about the nation’s cybersecurity infrastructure in this industry, along with many others that have been subject to recent attacks, including several state governments, hospitals, manufacturers and a police department. Here’s what you need to know.

What happened? 

On May 7, DarkSide, a hacker group that originated in Eastern Europe in August of last year, reportedly stole about 100 gigabytes of data from Colonial Pipeline, an amount equivalent to 5,000 hours of internet browsing, 25,000 music tracks or 650 hours of playing music, writes USMobile.com. The hack was part of a double extortion scheme, a type of cyberattack that entails demanding two separate payments in exchange for a) a code to unlock devices, data, files and/or servers that were compromised, and b) the promise to destroy data that was stolen. DarkSide functions as a ransomware-as-a-service platform, which vetted hackers can use to infect companies with malware and demand payment from victims. The group claims to only target large corporations and allegedly prohibits users from issuing attacks on industries such as education, nonprofit, funeral services, health care and public sector, although DarkSide also released a statement that it was initially unaware of the attack on Colonial Pipeline and regretful for its widespread impact.

News of the cyberattack led to a worried public, with many Americans on the East Coast, particularly in the southern region, heading over to gas stations and filling their tanks to prepare for an impending shortage or sky-high prices. In 16 states, gas prices surpassed a $3 per-gallon average, which marks a new 6.5-year high, writes The Hill, and more than 1,000 gas stations in the southeastern region ran dry, writes Bloomberg. The reaction resulted in many gas stations being drained of their reserves, and in North Carolina, South Carolina and Virginia, a state of emergency was declared. If the shutdown were to have lasted three to five days longer, the Departments of Energy and Homeland Security reported the transportation and energy industries would have faced immense challenges, specifically mass transit, and at 10 days, airlines would have been grounded.

How did Colonial Pipeline respond? 

The attack wasn’t on the pipeline itself or the company’s operational technology, but on the computers that oversee its business operations. To prevent the spread of malicious software and keep hackers from potentially gaining access to susceptible parts of the pipeline, Colonial Pipeline shut down its pipeline as well as its information systems for six days. Colonial Pipeline also hired private security company FireEye, which previously worked on the hacking of Sony Pictures Entertainment in 2014 and events affecting the federal government, to conduct an investigation. Ironically, in the weeks leading up to the attack, Colonial Pipeline had been looking to hire a cybersecurity manager, according to CNN. Despite Colonial Pipeline stating that it did not intend to pay the ransom, on May 7, it reportedly paid nearly $5 million to DarkSide, according to Bloomberg, and on May 12, the pipeline resumed service as normal.

What can businesses learn from this? 

The shutdown of Colonial Pipeline brings attention to the weaknesses in the cybersecurity infrastructure of both individual companies and entire industries. Ransomware attacks can send organizations, companies, and in some cases, entire countries, into a tailspin as they attempt to control the damage, relay up-to-the-minute information to patients, residents and consumers, and develop necessary measures to prevent future attacks. Worst of all, it can happen to any company in any industry, of any size. According to a report by Sophos, a UK-based IT security company, half of businesses worldwide (51 percent) were subject to ransomware attacks last year. In the aftermath of the Colonial Pipeline cyberattack, the importance of preparing one’s business with effective cybersecurity measures and tools cannot be overstated. For businesses looking to make their efforts more robust, Entrepreneur suggests five key actions: securing hardware, encrypting and backing up data, investing in cybersecurity infrastructure, creating a security-focused workplace culture, and using vigorous anti-malware and firewall software.


Danielle Renda is associate editor of PPB.