Cyber-Attack Shuts Down Biggest Gasoline Pipeline in U.S.


Article content

(Bloomberg) — The operator of the biggest gasoline pipeline in the U.S. shut down operations late Friday following a suspected ransomware attack that threatens to roil energy markets and upend the supply of gas and diesel to the East Coast.

Colonial Pipeline is working to restore operations and has hired a third-party cybersecurity firm to investigate. Law enforcement and other federal agencies have been informed, the company said in a statement late Friday. The company didn’t respond to phone calls or emails for further comment Saturday, and hasn’t provided any guidance on when the pipeline might become operational.

The attack appeared to involve a ransomware group called DarkSide, according to Allan Liska, senior threat analyst at cybersecurity firm Recorded Future.

Colonial is a key artery for the eastern half of the U.S. It’s the main source of gasoline, diesel and jet fuel for the East Coast with capacity of about 2.5 million barrels a day on its system from Texas as far as North Carolina, and another 900,000 barrels a day to New York.

Hacking threats to critical infrastructure have been growing, prompting the White House to respond with a plan to try to increase the security of utilities and their suppliers. Pipelines are a specific concern because they play a central role in so many parts of the U.S. economy.



The latest attack comes as the nation’s energy industry gears up for summer travel and stronger fuel demand as pandemic economic restrictions are eased. It’s also an unpleasant reminder of how a cyber-attack brought down the communications systems of several U.S. natural gas pipeline operators in 2018.

Ransomware cases involve hackers seeding networks with malicious software that encrypts the data and leaves the machines locked until the victims pay the extortion fee, which can range from a few hundred dollars to millions of dollars in cryptocurrency.

Separate Networks

Utilities’ information technology networks, which run email and other routine functions, and operational technology networks, which control the actual functioning of the delivery of electricity or natural gas, are typically kept mostly separate, which is what makes Colonial’s decision to temporarily shut down both so unusual.

An April 2 blog by the cybersecurity firm Cybereason said the people behind DarkSide follow the “double extortion” trend in ransomware, meaning they not only encrypt user data but exfiltrate it and make it public if a ransom payment isn’t made.

Many companies pay the fees and recover their data. But even when that occurs, they may shut down large parts of their networks as a precaution while they restore essential services and hunt for any signs that the hackers had accessed sensitive systems for other reasons including espionage or further destructive attacks.



Colonial hasn’t commented on reports that it was the victim of a ransomware attack.

Officials at the Federal Bureau of Investigation, the Department of Justice and the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency didn’t respond to requests for comment.

Colonial gave an indication during Friday trading that it was having network issues, while two people familiar with the matter said they were having a hard time submitting refined product batches, updates or changes to batch deliveries and nominations using their Colonial Pipeline website access. The Colonial website went offline whenever the people tried.

Technical Issues

At the time, Colonial staff informed customers by phone about the technical issues but didn’t say what was causing them.

The disruption could roil fuel markets Monday if it’s not fixed. The refining margin for a combined barrel of gasoline and diesel, the so-called 321 crack spread, rose 2% Friday after the Colonial interruption. Nymex gasoline futures rose 1.32 cents to settle at $2.1269 per gallon.

The two main Colonial lines out of the Houston refining hub — Lines 1 and 2 from Pasadena, Texas, to Greensboro, North Carolina — have not been full for months, with U.S. fuel demand falling to its lowest in decades during the pandemic. That means fuel markets served by the line might be spared supply shortages.

The Colonial system is managed from suburban Atlanta and is jointly owned by Koch and several other energy and investor interests. East Coast fuel markets also are supplied by the Plantation pipeline jointly owned by Kinder Morgan and Exxon; East Coast refineries; and fuel shipments from Eastern Canada and Europe.

©2021 Bloomberg L.P.

