DarkSide Ransomware Attack Clogs Big US Fuel Pipeline
Following a ransomware attack that affected the network of Colonial Pipeline, the US had to resort to emergency protocols to keep the east coast supplied with fuel. The Department of Transportation gave commercial fuel tankers emergency powers to transport fuel over the country's road network, to avoid crippling shortages.
Colonial Pipeline is the entity that supplies nearly half of the total liquid fuel volume needed for the American east coast. The company had its pipeline operation halted following an insidious ransomware attack.
The fuel company released a statement over the weekend, saying its pipeline operations had to be put on hold for the time being, following a cyber attack that took place at the end of the previous working week. Colonial Pipeline pulled a number of its systems and sub-networks offline, to avoid even bigger damage and the further spread of the ransomware used in the attack.
The self-imposed system blackout means that pipeline operations also had to be put on hold for the time being. The fuel company has brought a cybersecurity firm on board, and the hired experts are conducting an investigation into the incident.
The company also stated that all appropriate state authorities have been notified about the attack and the company is currently focused on restoring its normal operation.
The DarkSide ransomware and the cybercrime gang behind the aggressive malware look to be the culprits. Various sources have said that the attack originated out of Russia, but experts are still trying to pin down the location of the attackers. Additionally, unconfirmed sources have also said that Colonial ended up paying the ransom, which amounted to millions of dollars. The "DarkSide" ransomware hackers have done something that's never been done on US soil, which could prompt future attacks from them or other cybercrook gangs.
Security experts at Axio who are observing the situation are still not sure whether the operational halt of the pipeline was forced by actual ransomware damage, or whether it was the result of Colonial being extremely careful to contain the ransomware and protect systems that were not yet infected.
Other experts speculated that the bad actors behind the attack may not have realized how exactly Colonial's network structure was set up and the shutdown may have been a precaution, in case the operational and information technology systems of the fuel company were not sufficiently separated.
Threatpost provided further insight into the escalating global situation with ransomware, quoting a 150 percent increase in the number of ransomware attacks over the span of 2020. Insufficient network segmentation and the often-interconnected nature of information and operational networks are the main driving factors behind major operational outages in similar attacks.
In cases where the two networks are closely intertwined, the bad actors behind the attacks are often able to quickly infect operation-critical networks and cause much bigger problems.
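To make the segmentation point concrete, here is an added illustration (not from the article, and not a description of Colonial Pipeline's actual network): a toy reachability audit over firewall-style allow rules that shows why a flat IT/OT layout lets a corporate foothold spread into the control zone while a Purdue-style segmented layout does not. All zone names, services and rules are constructed sample data.

```python
"""Toy reachability audit for IT/OT segmentation.

Added illustration, not from the article: a network is a list of allow rules
(src_zone, dst_zone, service). A ransomware foothold in corporate IT is
contained when no chain of allowed lateral-movement services (remote admin /
file-sharing protocols) leads to the OT control zone. All data is constructed.
"""
from collections import deque

# Services that commodity ransomware typically rides to spread between hosts.
LATERAL_SERVICES = {"smb", "rdp", "winrm"}

# Flat layout: corporate IT has direct remote-admin access into the plant network.
FLAT_RULES = [
    ("corp_it", "ot_dmz", "https"),
    ("corp_it", "ot_control", "rdp"),
    ("ot_dmz", "ot_control", "smb"),
]

# Segmented layout (Purdue-style): IT reaches only a DMZ historian over HTTPS,
# and process data flows *up* from OT into the DMZ; no lateral service crosses.
SEGMENTED_RULES = [
    ("corp_it", "ot_dmz", "https"),
    ("ot_control", "ot_dmz", "opcua"),
]


def exposed_zones(rules, start="corp_it", services=LATERAL_SERVICES):
    """Zones a worm starting in `start` can reach over allowed lateral services."""
    reached, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, svc in rules:
            if src == zone and svc in services and dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return reached


def ot_is_contained(rules, ot_zone="ot_control"):
    """True when an IT compromise cannot spread into the OT control zone."""
    return ot_zone not in exposed_zones(rules)


def offending_rules(rules, services=LATERAL_SERVICES):
    """Allow rules that carry a lateral-movement service toward an OT zone."""
    return [r for r in rules if r[2] in services and r[1].startswith("ot_")]


if __name__ == "__main__":
    for name, rules in (("flat", FLAT_RULES), ("segmented", SEGMENTED_RULES)):
        print(f"{name:10s} contained={ot_is_contained(rules)} "
              f"offending={offending_rules(rules)}")
```

The same check can be run against an exported rule set from a real firewall by mapping its zones and services onto the tuple format; the useful output is the list of offending rules, which is what a segmentation review would send back to the network team.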
As for the fuel situation in the American east, the BBC quoted oil market analyst Gaurav Sharma, who foresees serious issues with refinery storage capacity and general supply to major cities, unless the Colonial Pipeline network starts running normally very soon.