© Reuters. FILE PHOTO: A hooded man holds a laptop while cyber code is projected onto him in this image captured on May 13, 2017. The leading US fuel pipeline operator Colonial Pipeline has closed its entire network after a cyber attack
By Stephanie Kelly and Christopher Bing
NEW YORK (Reuters) – U.S. fuel pipeline operator Colonial Pipeline has shut down its entire network, which provides nearly half of the U.S. east coast’s fuel supply, following a cyber attack that industry claims was caused by ransomware.
The company transports 2.5 million barrels of gasoline, diesel, jet fuel and other refined products daily over 8,850 km of pipelines connecting refineries on the Gulf Coast with the eastern and southern United States.
A statement said colonial systems were shut down to contain the threat after learning of the attack on Friday. That action has temporarily ceased operations and affected some of its IT systems, the company said.
While the US government investigation is in its early stages, a former US government official and two industry sources said the hackers are most likely a highly professional cybercriminal group. Investigators are investigating whether a group dubbed “DarkSide” by the cybersecurity research community is responsible, the former government official said.
DarkSide is known for using ransomware and blackmailing victims while selectively avoiding targets in post-Soviet states.
The malicious software used in the attack was ransomware, two cybersecurity industry sources who are familiar with the matter. Ransomware is a type of malware designed to lock down systems by encrypting data and demanding payment in order to regain access. The malware has grown in popularity over the past five years.
Colonial hired a third-party cybersecurity firm to open an investigation and reached out to law enforcement and other federal agencies.
Cybersecurity company FireEye (NASDAQ 🙂 was called in to respond to the attack. FireEye declined to comment when asked if it was working on the incident.
The U.S. Transportation Security Administration told Reuters that it was working with other agencies on the situation.
Colonial did not provide any further details and did not provide how long the pipelines would remain closed. The privately held Georgia-based company is owned by CDPQ Colonial Partners LP, IFM (USA) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors LP, Koch Capital Investments Company LLC, and Shell Midstream (NYSE 🙂 Operating LLC.
“Cybersecurity vulnerabilities have become a systemic problem,” said Algirde Pipikaite, director of cyber strategy at the World Economic Forum’s Cybersecurity Center.
“If cybersecurity measures are not embedded in the development phase of a technology, we are likely to see attacks on industrial systems such as oil and gas pipelines or water treatment plants more frequently,” added Pipikaite.
Reuters reported earlier Friday that Colonial had closed its main gasoline and distillate lines.
During Friday’s trading session, gasoline futures on the New York Mercantile Exchange rose 0.6% to $ 2.1269 per gallon, while diesel futures rose 1.1% to $ 2.0106 per gallon – beating both Gains in. Meanwhile, Gulf Coast cash prices for gasoline and diesel declined amid prospects that the region might build up supplies.
“Every day this is becoming a bigger and bigger impact on the Gulf Coast oil refinery,” said Andrew Lipow, president of consulting firm Lipow Oil Associates. “Refineries would have to respond by reducing crude oil processing because they have lost part of the distribution system.”
If the system stays closed for four or five days, the market could experience sporadic outages at fuel terminals that depend on the pipeline for deliveries, he said.
Gulf Coast prices could continue to weaken, while New York Harbor prices could rise, one market operator said – gains that could point to an increase in northeast pumps.
The American Petroleum Institute, a leading oil trading group, said it is monitoring the situation.
Oil company Exxon Mobil Corp (NYSE 🙂 said the Gulf Coast assets were operating normally and a spokesman for Royal Dutch Shell (LON 🙂 PLC declined to comment.
Ben Sasse, a Republican senator from Nebraska and a member of the Senate Select Committee on Intelligence, said the cyberattack was a warning of things to come.
“This is a play that will be performed again and we are not adequately prepared,” he said. Legislators should adopt an infrastructure plan to protect the sectors against these attacks.
Colonial previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. This contributed to scarce supplies and soaring gasoline prices in the US after the hurricane shut down many refineries in the Gulf.
East Coast cash prices for gasoline rose to their highest level since 2012 during Hurricane Harvey and have not risen since then, while diesel prices rose to more than two-year highs, data from Refinitiv Eikon showed.