💰💣

Colonial Pipeline Security Incident

May 7, 2021 1599 days ago Resolved

Incident Overview

Situation Description

Colonial Pipeline experienced a ransomware attack that led to a shutdown of its operations, causing significant disruptions and price increases for gasoline.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Energy

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Restored Systems from Secure Backups Paid a Ransom Managed Public Narrative & Crisis Communications

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$4,400,000 USD

Records Affected

Data Types Compromised

Credentials Operational / System Data

Primary Impacts

Operational Disruption Financial Loss Reputational Damage

Key Decisions Made

Joseph Blount, CEO of Colonial Pipeline, paid $4.4M USD in 75 Bitcoins to the DarkSide group as ransom.; Colonial Pipeline shut down its pipeline operations to prevent the ransomware from spreading to control systems.; Colonial Pipeline was forced to restore backups of data to restore operations due to the inefficiency of the decryption tool provided after payment.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

DarkSide

Additional Information

It has been almost 2 weeks since Sangfor wrote about the DarkSide ransomware attack on Colonial Pipeline in the US, and a week since operations were restored, but the after-effects continue. Although gas is again flowing through the largest pipeline in the US, gasoline prices hit a six-year high with a national average of $3.04 USD per gallon this week, as over 10,000 pumps on the eastern half of the country were still without supply . At one-point last week, the price of gasoline reached $6.99 USD due to hoarding and price gouging. It was also confirmed today that Joseph Blount, CEO of Colonial Pipeline Co., paid $4.4M USD ransom in 75 Bitcoins to the DarkSide group on May 7, the day of the attack. Mr. Blount, after much consideration, likened the ransomware attack to pipeline and refinery shutdowns lasting several days, that occurred during many past strong Gulf Coast hurricanes. Joseph Blount, CEO of Colonial Pipeline. Photo: PHOTO: COLONIAL PIPELINE CO. I know thats a highly controversial decision. I didnt make it lightly, Mr. Blount said publicly today. I will admit that I wasnt comfortable seeing money go out the door to people like this. But it was the right thing to do for the country. It may have been the right thing to do for the country, but it did little to help restore operations at Colonial Pipeline. The decryption tool provided after payment was so slow , Colonial Pipeline still had to restore backups of data to restore operations in a timely manner. Colonial Pipelines pipeline system moves gasoline and other fuels from refineries in the US Gulf Coast and other locations over 5,500 miles to customers in the Eastern and Southern United States. The pipeline normally carries over 100 million gallons of fuel per day (45% of all fuel consumed on the eastern half of the US), making it the biggest refined products pipeline in the US, according to the company. Ransamware Attack Timeline The Colonial Pipeline story is not just about a company recovering...

... (truncated for display)

Quick Facts

Company:: Colonial Pipeline
Date:: May 7, 2021
Status:: Resolved
Decision Maker:: Joseph Blount
Position:: CEO
Published:: nan

Source Information

Original Query

Colonial Pipeline stock price impact and long-term recovery post DarkSide attack

View Original Source

Timeline

Information Published

nan

Incident Occurred

May 7, 2021 (1599 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats