Colonial Pipeline, America’s largest pipeline operator, continued work on Sunday to recover from a ransomware cyberattack that forced it to shut down on Friday and raised concerns over soaring retail gasoline prices.
The incident is one of the most disruptive digital ransom deals on record and prompted US lawmakers to step up protection of critical US energy infrastructure from hackers. Read more
Colonial said on Saturday it “continues to monitor the impact of this temporary service shutdown” and work to restore service. He did not give an estimate for a restart date.
Colonial transports 2.5 million barrels per day of gasoline and other fuels from refineries on the Gulf Coast to consumers in the eastern and southern United States. It also serves some of the largest US airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest for passenger traffic.
Retail fuel experts, including the American Automobile Association, have said that a multi-day outage could have significant impacts on regional fuel supplies, especially in the southeastern United States.
While the US government investigation is in its early stages, a former US official and two industry sources said the hackers were likely a group of professional cybercriminals and that a group dubbed “DarkSide” was likely part of it. potential suspects.
DarkSide is known to deploy ransomware and extort victims while avoiding targets in post-Soviet states. Ransomware is a type of malware designed to lock down systems by encrypting data and demanding payment to regain access.
Cyber security firm FireEye (FEYE.O) was also called in to respond to the attack, according to the two industry sources. FireEye declined to comment. Colonial said on Saturday night that he was working with a “top third-party cybersecurity company,” but did not name the company.
Bloomberg News, citing people familiar with the matter, reported on Saturday evening that the hackers were part of DarkSide and had removed nearly 100 gigabytes of data from the Colonial network on Thursday before the pipeline closed. Read more
Colonial did not immediately respond to an email from Reuters requesting comment outside regular U.S. business hours.
US President Joe Biden was briefed on the incident on Saturday morning, a White House spokesman said, adding that the government was working to help the company resume operations and prevent disruption to business. supply.
The Georgia-based private company is owned by CDPQ Colonial Partners LP, IFM (US) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors LP, Koch Capital Investments Company LLC and Shell Midstream Operating LLC.
Gasoline futures and diesel futures on the New York Mercantile Exchange rose on Friday after the outage was reported. In previous colonial blackouts, retail prices rose dramatically, even briefly.
Oil refining companies contacted by Reuters on Saturday said their operations had not yet been affected.
Our Standards: The Thomson Reuters Trust Principles.