Cybercriminals take out major US fuel pipeline

According to sources cited by the CNN news network, the Colonial Pipeline Company chose to stop the flow of oil when the attack compromised its billing systems, leaving it unable to bill its customers. The decision led to widespread fuel shortages across the pipeline’s service network, and triggered panic buying of fuel across the eastern US. Nearly half of fuel consumed on the US East Coast is transported via the Colonial Pipeline. 

On 19 May, Joseph Blount, the CEO of the Colonial Pipeline Company, admitted to the Wall Street Journal that he had authorised a ransom payment of $4.4mn in cryptocurrency to the hackers. ‘I know that’s a highly controversial decision,’ Blount told the paper. ‘I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.’

Once the hackers received the payment, they provided the pipeline’s operators with a decrypting tool that could restore its disabled computer network. However, sources cited by Bloomberg stated that the tool was so slow that Colonial Pipeline was forced to use its own backups to restore its downed IT systems. 

The company said its operations had resumed as normal by 15 May, though some news outlets indicated there were still significant fuel shortages across the East Coast at that time. According to CNBC, 80% of petrol stations in Washington DC remained without fuel on the 15th, while 63% of stations in North Carolina had shortages. Meanwhile, both Georgia and South Carolina recorded shortages of over 40%.

Figures from the US Chamber of Commerce suggest that the average downtime for a business suffering a cyberattack is 21 days, though it takes an average of 287 days to fully recover from a significant cybercrime incident. President Joe Biden has stated that he did not believe the Russian government was behind the Colonial Pipeline hack. However, he also said that Moscow does have a responsibility to curb such attacks when they originate within its jurisdiction.