US fuel pipeline operator Colonial Pipeline was targeted by a ransomware cyberattack that forced it to suspend operations over the weekend.
Georgia-based Colonial said it was “continuing to monitor the impact of this temporary service halt” and to work to restore service. It had not given an estimate for a restart date at the time of writing.
The incident is being regarded as one of the most disruptive digital ransom operations ever reported and has prompted calls from American lawmakers to tighten protections for critical US energy infrastructure against hackers.
The attack continues to throw the spotlight on an area of cyber-crime which is becoming a huge concern for business.
Only last month the recently established international anti-cyber-crime coalition the Ransomware Task Force (RTF) published a series of nearly 50 recommendations in a major bid to combat cyber threats.
The RTF is a US-led team convened in early 2021 with participants from governments, software firms, cyber security vendors, non-profit and academic institutions from across the world.
Members include Microsoft, Amazon, the FBI and the UK’s National Crime Agency.
The aim of the RTF is to develop a robust plan to tackle the global ransomware threat, through deterring and disrupting the actors while helping ensure organisations are equipped to prepare and respond.
Colonial moves 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and south-eastern United States.
Its 5,000 mile (8,850 km) network serves major U.S. airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest by passenger traffic.
Retail fuel experts including the American Automobile Association said an outage lasting several days could have significant impacts on regional fuel supplies, particularly in the US Southeast.
While the U.S. government investigation is in the early stages, reports suggest that the hackers are likely a professional cybercriminal group.
Colonial said late on Saturday it was working with a “leading, third-party cybersecurity firm,” but did not name the firm.
Bloomberg News, citing people familiar with the matter, reported late on Saturday that the hackers are part of a group called DarkSide, though this remains unconfirmed at this stage.
President Joe Biden was briefed on the incident on Saturday morning, a White House spokesperson said, adding that the government was working to try to help the company restore operations and prevent supply disruptions.