On May 8, the Colonial Pipeline Company announced that it had fallen victim to a ransomware attack a day earlier. The pipeline operations include transporting 100 million gallons of fuel daily to meet the needs of consumers across the entire eastern seaboard of the U.S. from Texas to New York, according to the website of the refined products pipeline company.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” Colonial Pipeline said in a web statement.
This attack has further blurred the lines between nation-state-sponsored APT attacks and cybercrime, as attacks of this magnitude are not like the “spray and pray” ransomware attacks of the past. These are RansomOps that are highly targeted and more akin to an APT-style operation.
Considering the potential impact of this shutdown, the Federal Motor Carrier Safety Administration (FMCSA) issued an emergency declaration in which it exempted 17 states and the District of Columbia from certain restrictions relating to the transportation of refined petroleum products by motor carriers and drivers.
Colonial Pipeline also used the web statement to share some details about its response thus far: “Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.”