On May 8, 2021, the Colonial Pipeline Company announced that it had halted its pipeline operations due to a ransomware attack, disrupting critical supplies of gasoline and other refined products throughout the East Coast. This attack was similar to an earlier pipeline ransomware attack in 2020, which also resulted in a pipeline shutdown. In 2018, cyberattacks reportedly disrupted the customer communications systems (but not pipeline operations) at four of the nation’s largest natural gas pipeline companies. The possibility of lengthy pipeline disruptions was raised in 2019 congressional testimony by the then-Director of National Intelligence, who singled out pipelines as critical infrastructure vulnerable to cyberattacks that could cause shutdowns “for days to weeks.” The Colonial Pipeline cyberattack has elevated concern in Congress about the security of the nation’s energy pipelines and government programs to protect critical infrastructure.
Ransomware is a form of malicious software (malware) that seeks to deny users access to data and information technology (IT) systems by encrypting the files and systems—thus locking out users. Perpetrators usually extort victims for payment, typically in cryptocurrency, to decrypt the system. Recently, such attacks have been coupled with data breaches in which perpetrators also steal data from their ransomware victims. In addition to locking their computer systems, the perpetrators notify victims that they have copies of their data and will release sensitive information unless a ransom is paid, extorting them twice. Colonial Pipeline fell victim to the DarkSide ransomware-as-a-service (RaaS) variant. RaaS is a cybercrime model in which one criminal group develops the ransomware and hosts the infrastructure upon which it operates, then leases that capability to another criminal group to conduct an attack.