Date: 2021-05-08

The operator of a US pipeline that transports fuel across the East Coast has said it was the victim of a ransomware attack and temporarily halted all pipeline operations.

Colonial Pipeline on Saturday did not say what was demanded or by whom, but ransomware attacks typically involve criminal hackers who seize data and demand a large payment to release it.

It said the attack took place on Friday and also affected some of its information technology systems.

The company transports gasoline, diesel, jet fuel and home heating oil from refineries primarily located on the Gulf Coast through pipelines running from Texas to New Jersey.

Soaring ransomware attacks

The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies.

While there have long been fears about US adversaries disrupting American energy suppliers, ransomware attacks by criminal syndicates are much more common and have been soaring lately.

In a statement late Friday, Colonial Pipeline said it was “taking steps to understand and resolve this issue,” focused primarily on “the safe and efficient restoration of our service and our efforts to return to normal operation.”

It said it was “working diligently to address this matter and to minimise disruption to our customers and those who rely on Colonial Pipeline.”

Impact of outage

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down.

An outage of one or two days would be minimal, he said, but an outage of five or six days could cause shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, DC, area.

Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

The precise nature of the attack was unclear, including who launched it and what the motives were.

Scrambling data

A Colonial Pipeline spokeswoman declined to say whether the company had received a ransom demand, as is common in attacks from cyber criminal syndicates.

A leading expert in industrial control systems, CEO Robert Lee of Dragos, Inc., said everything points to a ransomware attack.

“How long they’ll be down depends on how far and wide this is,” he said. The pipeline could be back up and running relatively quickly if only IT systems are affected and Colonial was well-prepared. But if the network that directly controls pipeline functions is impacted it could take days, he said.

“It would not be unreasonable for a longer term, a week or so, of outages if it’s impactful on the operations side. We just don’t know that yet,” Lee said.

Ransomware scrambles a victim organisation’s data with encryption.