Gas Pipeline Ransomware: Cybersecurity Attack on the United States Largest Pipeline

gas pipeline ransomware

Cybersecurity isn’t just a personal or professional concern but a concern of national security. Hackers are continually looking to elevate their game and push the boundaries of what they can access. Various attempts on national security systems around the country have been reported, but most fell short of causing any real problems. However, hackers just attacked one of the largest fuel pipelines in the United States. This has led to massive fuel shortages throughout the Southwest and increasing gas prices in regions not directly impacted as fuel is diverted down to the affected states.

What is the Colonial Pipeline?

This pipeline is based out of Alpharetta, Georgia, and, according to the New York Times, bumps around three million barrels of fuel a day between Houston and New York. In total, it covers 5,500 miles from one end of the pipeline to the other.

Most of the largest cities on the East Coast pull fuel from this pipeline. This includes metro areas like Houston, Atlanta, New Orleans, Charlotte, Washington D.C., New York City, Philadelphia, and Baltimore. Currently, the FBI is looking further into the matter. With fuel being of national importance for everything from regular domestic travel to commercial and military vehicles requiring fuel, this kind of hack was quickly elevated to a national security threat.

What Happened?

Ransomware attacked the Colonial Pipeline’s control system, which led to the entire pipeline being shut down to identify and remove all traces of the gas pipeline ransomware. It is similar to how a ransomware hack might affect a personal or business computer only on an extreme scale.

Once the files were discovered on the system, the pipeline was shut down on Friday. The gas pipeline ransomware files weren’t just discovered, and the pipeline shut down out of being extra cautious. The hack began on Thursday, with the ransomware siphoning off around 100 gigabytes worth of data. From there, the hackers, which have been identified as a group of cybercriminals known as DarkSide, turned around in an attempt for a double-extortion (according to CNet).

Who is DarkSide?

DarkSide first jumped onto the cyberattacks scene back in 2020 when it started to appear on Russian forums. The group is essentially a for-hire ransomware platform. The group, which is skilled at what they do, as demonstrated with the Colonial Pipeline hack, offers out its services to other cybercriminals looking to attack certain high-profile targets.
However, DarkSide does have a number of off-limit kinds of organizations it will not target. This includes funeral service providers, healthcare companies, non-profit organizations, educational institutions, as well as most public sector platforms. Basically, it looks at companies deemed capable of paying out the requested ransom.

DarkSide also uses a double-extortion method for obtaining money from the organizations it attacks. The first sum of money is for a key to unlock the server and to remove all of the infected files. The second sum of money is to ensure all of the stolen data is destroyed. It is next to impossible to prove either the key has removed 100% of the gas pipeline ransomware files and that all stolen data has been destroyed, so organizations are forced to either do what the Colonial U.S. Pipeline did and attempt to expunge the ransomware files on their own or pay the dual ransoms.

Recently, DarkSide extorted another company (which has not been named) of nearly $11 million, and this is just a single example. It is believed many of the cybercriminals that have formed DarkSide have come together from other cybercriminal organizations, including Ravil and GandCrab, another ransomware organization that extorted over $2 billion. Most organizations such as these do not remain active for long. These kinds of organizations are heavily monitored and develop patterns. Remaining active for too long increases the chances of being caught, which is why so many cybercriminal organizations spin off into other groups.

What Happens Now?

It is currently believed that the pipeline will be back online before the end of the week. So while there is a gas crisis in southeastern states, with Virginia, North, and South Carolina all declaring a state of emergency, it is not expected to linger more than another day or two. Governors and representatives from states throughout the region are asking residents not to go off and hoard gasoline. As the pipeline will be back in the next 24 to 72 hours, hoarding excessive amounts of gasoline not only prevents other drivers from filling up, but it is dangerous to store that kind of fuel.

The situation is still fluid, so the exact timetable may change. However, the Colonial Pipeline was shut down before the cybercriminals were able to do any system damage to the pipeline itself. Had the system remained active for longer, it is possible the criminals would have been able to gain complete (or at least partial) control of the system, effectively locking out the controllers, opening up lines that might dump fuel, or damaging infrastructure that would take weeks, if not months to repair the damage.

Lessons For Everyone

Chances are the average small business owner will not find themselves in the crosshair of criminal organizations like DarkSide. However, if criminals are able to hack into major fuel pipeline operations and demand hundreds of millions of dollars in ransoms, the average small business can be hacked as well.

Any small business owner needs to take this as a reminder of how important it is to invest in a solid I.T. infrastructure and a service provider that is able to navigate these kinds of problems and to maintain the highest level of defense possible for their organization. Charlotte IT Solutions is here to provide these exact services. If you believe your business might be exposed and you want to learn how Charlotte IT Solutions can improve your online defenses, or you’re ready to get serious with your I.T. security, now is the time to contact the staff at Charlotte IT Solutions.