The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.
The Colonial Pipeline carries more than 100 million gallons of gasoline and other fuel daily from Houston, Texas, to the New York Harbor. That’s 45% of the East Coast’s supply of diesel, gasoline and jet fuel.
It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service.
A total of 18 states have been granted a temporary waiver for transporting refined petroleum products. The emergency status enables fuel to be transported by road, but this will not be anywhere near enough to match the pipeline’s capacity, independent oil market analyst Gaurav Sharma told the BBC.
He warned that there is a lot of fuel now stranded at refineries in Texas.
“Unless they sort it out by Tuesday, they’re in big trouble,” he said, adding that demand for vehicular fuels is on the rise as consumers return to the roads and the US economy attempts to shake off the effects of the pandemic.
Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage.
After seizing the data, the hackers demanded a ransom and threatened to leak the data onto the internet.
Colonial said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service.
The incident highlights the increasing risk ransomware is posing to critical industrial infrastructure, not just businesses.
In addition to a notice on their computer screens, victims of a DarkSide attack receive an information pack informing them that their computers and servers are encrypted.
The gang lists all the types of data it has stolen and sends victims the URL of a “personal leak page” where the data is already loaded, waiting to be automatically published, should the company or organisation not pay before the deadline is up.
DarkSide also tells victims it will provide proof of the data it has obtained and is prepared to delete all of it from the victim’s network.
According to Digital Shadows, a London-based cyber-security firm that tracks global cyber-criminal groups to help enterprises limit their exposure online, DarkSide operates like a business.
The gang develops the software used to encrypt and steal data, then trains “affiliates”, who receive a toolkit containing the software, a template ransomware demand email, and training on how to carry out attacks.
The affiliate cyber-criminals then pay DarkSide a percentage of their earnings from any successful ransomware attacks.
Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic – the rise of engineers remotely accessing control systems for the pipeline from home.
James Chappell, co-founder and chief innovation officer at Digital Shadows, said, “We’re seeing a lot of victims now, this is seriously a big problem.”
He added that Digital Shadows’ research showed the cyber-criminal gang is likely based in a Russian-speaking country, as it seems to avoid attacking companies in Moscow’s orbit of influence.