Get 40% Off
🤯 This Tech Portfolio is up 29% YTD! Join Now to Get April’s Top PicksGet The Picks – Just 99 USD

Knowns and unknowns about the hack at Colonial Pipeline

Published 05/09/2021, 06:32 PM
Updated 05/09/2021, 07:41 PM
© Reuters. FILE PHOTO: Holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey, U.S. in an undated photograph.  Colonial Pipeline/Handout via REUTERS.

© Reuters. FILE PHOTO: Holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey, U.S. in an undated photograph. Colonial Pipeline/Handout via REUTERS.

By Raphael Satter

WASHINGTON (Reuters) - Ransom-seeking hackers have broken into Colonial Pipeline, prompting the company to shut one of America's major arteries for fuel delivery.

Here is a look at what we know, and what we don't, about one of the most disruptive digital shakedown efforts to hit a U.S. company.

WHO IS INVOLVED?

Alpharetta, Georgia-based Colonial Pipeline and the U.S. government have both blamed ransomware for the massive outage, pointing the finger at cybercriminal gangs who routinely hold data and computer networks hostage in exchange for digital currency payments.

There is no official word on which group is believed to have carried out the intrusion - and attributing malicious activity online can be extremely difficult - but a former U.S. official and three industry sources told Reuters a group dubbed "DarkSide" was among the suspects. If so, that would lay the responsibility on a new but professional group of criminals believed to be operating out of the former Soviet republics.

Cybersecurity FireEye (NASDAQ:FEYE) is involved with the incident response, according to three industry sources.

HOW BAD IS IT?

Ransomware can deal catastrophic damage to an organization's network by locking away critical data or even wrecking computers beyond repair. But the effect on the actual nuts and bolts of energy companies' operations varies.

A destructive cyberattack on Saudi Aramco (SE:2222) in 2012 crippled the oil giant's computer network but left production more-or-less unscathed. By contrast, a more recent ransomware incident at Norsk Hydro (OTC:NHYDY) temporarily pushed the aluminum maker to switch away from automated production at its smelters.

Experts say the severity of the Colonial case will depend on whether the ransomware made its way into the company's operational technology network, which interfaces with the pipeline itself. Earlier this year, U.S. government officials announced https://us-cert.cisa.gov/ncas/alerts/aa20-049a that an intrusion at an unnamed natural gas compression plant that spilled over into its operational technology network forced a two-day shut down of its entire pipeline.

Colonial has not given any public indication as to the reach of the ransomware outbreak, but Robert M. Lee, chief executive of cybersecurity firm Dragos, said he believed Colonial's operations network was shut down proactively "to make sure that nothing spread into those systems."

He said that will hopefully translate to "a temporary outage versus something that would be more sustained."

WHAT HAPPENS NEXT?

U.S. government officials are working with Colonial to help it recover while scrambling to avoid more severe fuel supply disruptions should the outage continue.

Colonial's pipeline network serves major U.S. airports, including Atlanta's Hartsfield Jackson Airport, the world's busiest by passenger traffic, and experts say regional fuel supplies could be impacted if the pipeline stays shut.

© Reuters. FILE PHOTO: Holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey, U.S. in an undated photograph.  Colonial Pipeline/Handout via REUTERS.

"A one-to-two-day outage is really a minor inconvenience," said Andrew Lipow, president of Lipow Oil Associates. But by day four or five, he said, "we could see a much greater widespread impact through large areas throughout the mid-Atlantic and the southeast."

Whether the pipeline stays shut that long in turn depends on how deeply the hackers penetrated Colonial's network - and how soon cybersecurity experts can pull them out.

Latest comments

Lol
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.