Over the past years, ransomware has become the most prevalent and expensive form of cybercrime. The estimated global damage wrecked by ransomware attacks in 2020 stood at a mammoth USD 20 billion, a significant rise from USD 11.5 billion in 2019. And among the countries, the United States experiences the most severe ransomware attacks.
In 2019, the US was hit by a host of ransomware attacks that affected at least 966 state-owned agencies, educational institutions, and healthcare providers, causing a potential damage of over USD 7.5 billion.
Even before the US recovered from the damage caused by the high-profile ransomware attack on Washington, D.C., Police Department in April 2021, a new ransomware attack impeded the operations of the largest gasoline pipeline in the country.
Colonial Pipeline, the leading fuel pipeline operator in the US, temporarily halted its entire network on Friday following a ransomware attack.
The pipeline is a crucial artery for the East Coast, transporting around 45% of the fuel consumed across the region. Spanning around 5,500 miles, the pipeline transports more than 100 million gallons of fuel, including gasoline, diesel, and jet fuel, daily to consumers from Houston, Texas, to the New York Harbor.
Colonial Pipeline Company said in a statement on Saturday that they were “the victim of a cybersecurity attack and have since determined that the incident involved ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.”
Colonial informed that it roped in a leading, third-party cybersecurity expert to launch an investigation into the nature and scope of the attack. The oil company also contacted law enforcement and other federal agencies, including the Department of Energy.
Though the investigation is in the early stages, Allan Liska, senior threat analyst at cybersecurity firm Recorded Future, claimed that the attack appeared to be carried out by an Eastern European-based criminal gang called DarkSide.
The DarkSide group has hit utility firms before, he said. In February, DarkSide’s ransomware attacks disrupted operations at two Brazilian state-owned electric companies, Companhia Paranaense de Energia (Copel) and Centrais Eletricas Brasileiras (Eletrobras).
“We are making efforts through the FBI and the Department of Justice to disrupt their work and prosecute criminals who extort ransom using viruses,” Biden said, speaking at the White House.
The ransomware attack on Colonial comes at the time the nation’s energy sector is bracing for summer travel and high fuel demand as lockdown restrictions are eased. And a prolonged shut down of the pipeline could lead to sporadic outages at fuel terminals along the US East Coast and trigger a spike in gas prices.
After the Colonial interruption was reported on Friday, the refining margin for a combined barrel of gasoline and diesel increased 2%, and Nymex gasoline futures gained 1.32 cents to settle at USD 2.1269 per gallon.
“We are engaged with the company and our interagency partners regarding the situation,” said Eric Goldstein, Executive Assistant Director of the cybersecurity division at the Department of Homeland Security’s CISA. “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”