The Colonial Pipeline Company, the largest pipeline operator in the U.S., has been hit by a massive ransomware attack from the DarkSide hacking group and has been largely offline since Friday.
According to company statements and news reports, the company discovered the attack on May 7 and took certain systems offline to contain the threat, which put a halt to all pipeline operations and impacted some of the company’s IT systems.
The company has engaged third-party cybersecurity providers and has been in contact with federal agencies, including the Department of Energy.
On Sunday, the company said its main lines were offline and some smaller lateral lines between terminals and delivery points were operational. Full service will be brought back when there is no longer a cybersecurity threat, the company said.
In a Monday report, Reuters said the DarkSide hacking group is relatively new, but not necessarily inexperienced.
Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets.
“They’re very new but they’re very organized,” Lior Div, the chief executive of Boston-based security firm Cybereason, said on Sunday.
DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.
Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.
“It’s as if someone turned on the switch,” said Div, who noted that more than 10 of his company’s customers have fought off break-in attempts from the group in the past few months.
NBC News reported Monday that the DarkSide ransomware is believed to be operated by a Russian group of the same name.
The attack reflects an increasing number of attacks against critical infrastructure and is one of the largest such incidents reported, impacting the company’s massive pipeline network from Texas to New Jersey. The pipeline supplies roughly 45% of the East Coast’s gas, according to John Dickerson on “Face the Nation.”
Commerce Secretary Gina Raimondo on the program called the situation “an all hands on deck effort” to help the company resume operations.