On May 8, a deadly ransomware attack on Colonial Pipeline reportedly halted its operations. The company’s pipeline, which runs 5,500 miles along the east coast of the United States, supplies 45% of the oil and gas to that region. According to media reports on Friday, the company paid a 75 bitcoin ransom, worth around $5 million, to restore service faster. The company was able to resume operations by Wednesday night.
Ransomware attacks are on the rise. According to an annual report on global cybersecurity, there were a total of 304 million ransomware attacks worldwide in 2020. This was a 62 percent increase from a year prior, and the second-highest figure since 2014, with the highest on record being 638 million attacks in 2016.
What happened:
Colonial Pipeline, a critical supply engine for 45% of the oil and gas for the east coast, was hit with a ransomware attack. As per a Bloomberg report, the hackers began their attack on Thursday (6th May), stealing about 100 GB of data.
Who was responsible:
The impact:
A Department of Transportation agency posted a regional emergency declaration for 18 states and Washington, DC, "in response to the unanticipated shutdown of the Colonial Pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States." The shortage has caused an increase in the average price of gas in the US, which rose six cents, to $2.96 per gallon, according to AAA.
In a statement, Colonial said it "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems."
On Tuesday, Colonial said it had worked with shippers to deliver about 41 million gallons to delivery points along its pipeline. The company also said it had taken delivery of about 84 million gallons from refineries as it readies to reopen its pipeline.
The FBI has released and proposed ways to protect businesses from ransomware attacks.
With increased pressure to improve operating efficiency, energy and utility companies are adopting automation and operational technologies (OT), which means a “merging” of systems within critical infrastructure networks. Pipelines, electricity grids, and water supply are now equipped with and controlled by electronic network equipment that ultimately has a connection to the internet, creating a whole new attack surface.
There is a need for a proactive cyber risk management approach to face these new-age cyber-attacks. Energy and utility firms:
To counter these new kinds of cyber-attacks, energy and utility firms should proactively monitor their attack surface for vulnerabilities and have a robust business continuity and disaster recovery plan in place to build cyber resilience.
MetricStream has helped Fortune 500 oil and gas companies and energy utility providers to build operational and cyber resilience, increasing operational efficiency. Please reach out to us if you'd like to schedule a demo or learn more about how we can help secure your critical infrastructure OT environment and help you build cyber resilience.