Ransomware Attack Cripples Colonial Pipeline

Edward Kost
Edward Kost
May 10, 2021

Colonial Pipeline, one of the largest U.S. suppliers of refined gasoline, has fallen victim to a ransomware attack, forcing the 5,500-mile pipeline to shut down.

The magnitude of the disruption, which impacted almost half of the U.S. East Coast, has called the attention of the F.B.I., the Energy Department, and the White House who are currently involved in investigations.

This the latest incident from a series of nation-state cyberattacks making a mockery of cybersecurity standards in the United States. In an effort to finally disruptive this pernicious trend, President Joe Biden has signed a Cybersecurity Executive Order calling for a dramatic reformation of security programs throughout government entities and the entire private sector.

Cybercriminals infiltrated Colonial’s corporate computer network before launching their ransomware attack, in which sensitive data is encrypted and held hostage until the victim pays a ransom.

Colonial Pipeline said in a statement that the decision to shut down the entire pipeline was strategic, to prevent the further comprise of sensitive data.

“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.” Colonial Pipeline said in its statement.

Colonial Pipeline Map - source: ZDNet.com
Colonial Pipeline Map - source: ZDNet.com

On Tuesday, May 11, the F.B.I confirmed that Russian cybercriminal group known as "Darkside" was responsible for the cyberattack. Darkside is relatively new to the cybercriminal arena but their extremely talented, as evidenced by their choice of disrupting a major U.S pipeline to announce their existence on the world stage.

Intelligence on the group's tactics and are still developing, but it's speculated the threat actors may be affiliated with the Ransomware-as-a-Service operation REvil, due to the similarities between ransom letters:

darkside ransom note
Darkside ransomnote - Source: bleepingcomputer.com

REvil Ransom Note
REvil ransom note - Source: bleepingcomputer.com

While a hunt for the perpetrators is a critical initiate, it should not eclipse the glaring security faults that made this attack possible.

Colonial Pipeline has serviced the East Coast since the early 1960s. Upgrading the technology of such ageing infrastructures is not easy and usually requires security-compromising methods to establish a connection to the internet.

Cybercriminals are aware of this gaffer tape method of upgrading network security which is why attacks on veteran U.S. entities have soared. Recent victims include:

The Colonial Pipeline ransomware attack is a disturbing demonstrating of the gaping vulnerabilities currently exposing many legacy U.S entities.

To avoid compromise, such organizations must immediately evaluate their security posture, lest they remain as sitting ducks for cybercriminals. 

How secure is Colonial Pipeline?

Colonial Pipeline is the largest U.S. refined products pipeline system.
  • Check icon
    View our free preliminary report on Colonial Pipeline’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating