Top US fuel pipeline operator Colonial Pipeline has shut its entire network, the source of nearly half of the US East Coast’s fuel supply, after a cyber-attack that industry sources said was caused by ransomware.
The company said it was the “victim of a cyber-security attack” and that in response it took its systems offline.
This “temporarily halted all pipeline operations, and affected some of our IT systems”, the company said in a statement.
It gave no details of what the attack entailed, but the attack is not thought to have caused any immediate disruptions.
The company transports 2.5mn barrels per day of gasoline, diesel, jet fuel and other refined products through 5,500 miles (8,850km) of pipelines linking refiners on the Gulf Coast to the eastern and southern United States.
While the US government investigation is in its early stages, one former US government official and two industry sources said the hackers are most likely a highly professional cyber-criminal group.
Investigators are looking into whether a group dubbed “DarkSide” by the cyber-security research community is responsible, the source said.
DarkSide is known for deploying ransomware and extorting victims, while selectively avoiding targets in post-Soviet states.
The malicious software used in the attack was ransomware, two cyber-security industry sources familiar with the matter said.
Ransomware is a type of malware that is designed to lock down systems by encrypting data and demanding payment to regain access.
The malware has grown in popularity over the last five years.
Colonial has engaged a third-party cyber-security firm to launch an investigation and contacted law enforcement and other federal agencies, it said.
Cyber-security company FireEye has been brought in to respond to the attack, the cyber-security industry sources said.
FireEye declined to comment when asked if it was working on the incident.
Colonial did not give further details or say for how long its pipelines would be shut.
“Cyber-security vulnerabilities have become a systemic issue,” said Algirde Pipikaite, cyber-strategy lead at the World Economic Forum’s Centre for Cyber-security.
“Unless cyber-security measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants,” Pipikaite added.
Reuters reported earlier that Colonial had shut its main gasoline and distillate lines.
Colonial had previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017.
That contributed to tight supplies and gasoline price rises in the United States after the hurricane forced many Gulf refineries to shut down.
East Coast gasoline cash prices rose to their highest level since 2012 during Hurricane Harvey and have not gone higher since, while diesel prices rose to a more than two-year high, Refinitiv Eikon data showed.
The US was rocked in recent months by news of two major cyber-security breaches – the massive SolarWinds hack that compromised thousands of US government and private sector computer networks and was officially blamed on Russia; and a potentially devastating penetration of Microsoft e-mail servers.
The latter is believed to have affected at least 30,000 US organisations including local governments and was attributed to an aggressive Chinese cyberespionage campaign.
Both breaches appeared to be aimed at stealing e-mails and data but they also created “back doors” that could allow attacks on physical infrastructure, according to the New York Times.
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network after a cyber attack, the company said on Friday. (REUTERS)