Top US fuel pipeline operator Colonial Pipeline has shut its entire network, the source of nearly half of the US East Coast’s fuel supply, after a cyber attack that industry sources said was caused by ransomware.
The company transports 2.5 million barrels per day of petrol, diesel, jet fuel and other refined products through 5,500 miles (8,850 km) of pipelines linking refiners on the Gulf Coast to the eastern and southern United States.
Colonial shut down systems to contain the threat after learning of the attack on Friday, it said in a statement. That action has temporarily halted operations and affected some of its IT systems, the company said.
While the US government investigation is in its early stages, one former US government official and two industry sources said the hackers are most likely a highly professional cybercriminal group.
Investigators are looking into whether a group dubbed “DarkSide” by the cybersecurity research community is responsible, the former government official said.
DarkSide is known for deploying ransomware and extorting victims, while selectively avoiding targets in post-Soviet states.
Colonial has engaged a third-party cybersecurity firm to launch an investigation and contacted law enforcement and other federal agencies, it said.
Colonial did not give further details or say for how long its pipelines would be shut.
“Cybersecurity vulnerabilities have become a systemic issue,” said Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity.
“Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants,” Pipikaite added.
Reuters reported earlier on Friday that Colonial had shut its main petrol and distillate lines.
If the system is shut for four or five days, the market could see sporadic outages at fuel terminals that depend on the pipeline for deliveries.
Ben Sasse, a Republican senator from Nebraska and a member of the Senate Select Committee on Intelligence, said that the cyber attack was a warning of things to come.
“This is a play that will be run again, and we’re not adequately prepared,” he said, adding lawmakers should pass an infrastructure plan that hardens sectors against these attacks.