<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=900254546818932&amp;ev=PageView&amp;noscript=1">
October 22, 2021 (877) 771-2384 sales@wheelhouseit.com Fort Lauderdale · New York · Los Angeles

Cyber Attack on Colonial Pipeline: What We Learned

Paula Candelario

The Colonial Pipeline suffered a major cyberattack that crippled some of its capabilities and sent the East Coast of the United States into a panic.  

Although service was restored within a week, the data theft and malware attacks sent shockwaves throughout the oil industry. Here is what we learned because of this devastating infrastructure attack. 

What is the Colonial Pipeline? 

The Colonial Pipeline is a 5,500-mile pipeline for refined oil products that operates between Texas and New York. The pipeline is responsible for delivering almost half of the fuel used by the states on the East Coast, transporting millions of gallons of fuel every day.  

Colonial Pipeline Attack: What Happened 

Following a data theft attack on May 6, 2021, a ransomware cyberattack was initiated against the computer systems that control various pipeline elements on May 7, 2021. 

Allegedly, members of the hacking group called DarkSide could gain access to the Colonial company network. The company has not provided a statement about how this was possible, but several avenues for such access exist, including phishing emails and using the previously stolen information. 

Starting May 7, 2021, several events took place: 

  • Colonial paid a $5 million ransom to the hackers and received a decryption key 
  • Portions of the pipeline were shut down 
  • The backup process started to get the pipeline back to full functionality after the decryption provided by the hackers proved to be too slow. 
  • IT techs contained the threat. 

The shutdown would continue for 5 additional days.

According to information that came out on May 13, 2021, the Colonial Pipeline’s invoicing system was disabled, not operational. Nevertheless, the pipeline was shut down, and the news reported on the hack and its impact on the Colonial operations.  

As the media reported on the pipeline shutdown, people began to panic as gas stations began to run out of gasoline. In states like North Carolina, roughly 68% of stations ran out of fuel.  

The gas shortage had two causes: the shutdown being primary and people panic-buying as a secondary source of trouble. Less than a week after the pipeline was brought online, those deficiencies evaporated.   

What We Learned 

What lessons should we glean from the Colonial Pipeline attack? We have three major takeaways to consider: 

We need to change our online habits. 

Simple habits like not performing system updates or opening emails from people you have never met need to be eschewed. In this case, it could have saved millions of dollars, panic, and discord.  

Hackers are becoming more sophisticated, and cyberattacks are happening more frequently.  

Hacker groups are getting better at what they do. In this case, the DarkSide hackers made off with $5 million in Bitcoin, making it impossible to trace the money. Successful hacks will continue to attract others to do the same.  

Cybersecurity is worth investing in.

Although we do not currently know what allowed the hackers to access the Colonial systems, it is clear that every business needs to tighten its security.  

That means doing a security audit, finding a business’s weaknesses, and being willing to call in professionals to help in all security endeavors.  

Cybersecurity is serious business. Small and medium-sized businesses are just as likely to lose data or suffer ransomware attacks as any other company. Business owners must be proactive to prevent these issues from arising in their ranks, even if that means consulting outside IT specialists to make it happen. 

Request Complimentary Risk Assessment

news, ransomware, cyber security, cyber attacks

We’re Very Social!

CISA Security Alerts

New call-to-action