NEW YORK (Reuters) – U.S. fuel pipeline operator Colonial Pipeline has shut down its entire network, which provides nearly half of the U.S. east coast’s fuel supply, following a cyber attack that the company said was caused by ransomware.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how critical the US energy infrastructure is to hackers. The shutdown, if it continues, has raised fears of a rise in gasoline pump prices ahead of the peak summer season.

Colonial transports 2.5 million barrels of gasoline, diesel, jet fuel and other refined products daily over 8,850 km of pipelines connecting refineries on the Gulf Coast with the eastern and southern United States.

Colonial said it shut down systems to contain the threat after learning of the attack on Friday. That action also temporarily halted operations and affected some of its IT systems, the company said.

While the US government’s investigation is in the early stages, a former official and two industry sources said the hackers are likely a professional cybercriminal group. The former official said investigators were looking at a group called DarkSide, known for using ransomware and blackmailing victims while avoiding targets in post-Soviet states.

According to Colonial, the incident involved the use of ransomware, a type of malware that locks systems by encrypting data and demands payment to restore access.

Colonial hired a cybersecurity firm to open an investigation and reached out to law enforcement and federal agencies, it said.

Cybersecurity company FireEye was called in to respond to the attack. FireEye declined to comment.

US government agencies said they are aware of the situation. The Department of Energy said it was monitoring possible impacts on the country’s energy supplies, while both the Cybersecurity and Infrastructure Security Agency (CISA) and the traffic safety agency told Reuters they were working on the situation.

“We are working with the company and our interactors on the situation. This underscores the threat ransomware poses to any organization of any size or industry,” said Eric Goldstein, executive director of cybersecurity at CISA.

Colonial did not provide any further details and did not say how long the pipelines would be closed. The privately held Georgia-based company is owned by CDPQ Colonial Partners LP, IFM (USA) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors LP, Koch Capital Investments Company LLC, and Shell Midstream Operating LLC.

“Cybersecurity vulnerabilities have become a systemic problem,” said Algirde Pipikaite, head of cyber strategy at the World Economic Forum’s Cybersecurity Center.

“If cybersecurity measures are not embedded in the development phase of a technology, we are likely to see attacks on industrial systems such as oil and gas pipelines or water treatment plants more frequently,” added Pipikaite.

After the shutdown was first reported on Friday, gasoline futures on the New York Mercantile Exchange rose 0.6% while diesel futures rose 1.1%, both of which outperformed gains in crude oil. Gulf Coast cash prices for gasoline and diesel declined amid prospects that supplies could build up in the area.

“Every day this is becoming a bigger and bigger impact on the Gulf Coast oil refinery,” said Andrew Lipow, president of consulting firm Lipow Oil Associates. “Refineries would have to respond by reducing crude oil processing because they have lost part of the distribution system.”

If the system stays closed for four or five days, the market could experience sporadic outages at fuel terminals that depend on the pipeline for deliveries, he said.

Gulf Coast prices could continue to weaken, while New York Harbor prices could rise, one market operator said, gains that could point to higher prices at pumps in the Northeast.

“This is a big deal, and if manual overrides or backups aren’t available, this incident may take more time to mitigate than we’d like,” said Chris Bronk, Associate Professor of Computer Information Systems at the University of Houston and a former senior executive US State Department advisor.

The American Petroleum Institute, a leading oil industry trade group, and the American Automobile Association said they are monitoring the situation.

Oil company Exxon Mobil Corp said its Gulf Coast assets are operating normally, and a spokesman for Royal Dutch Shell PLC declined to comment. Phillips 66, which operates refineries on the Gulf Coast, said it is monitoring developments.

Ben Sasse, a Republican senator from Nebraska and a member of the Senate Select Committee on Intelligence, said the cyberattack was a warning of things to come.

“This is a piece that is being re-enacted and we are not adequately prepared,” he said, adding that lawmakers should pass an infrastructure plan to protect sectors against these attacks.

Colonial had previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. This contributed to scarce supplies and soaring gasoline prices in the United States after the hurricane forced many Gulf refineries to shut down.

Cash prices for gasoline on the east coast rose to their highest level since 2012 during Hurricane Harvey and have not risen higher since then, while diesel prices rose to more than two-year highs, data from Refinitiv Eikon showed.