HARRISBURG, Pa. — A ransomware attack targeting a major East Coast fuel pipeline has exposed the vulnerabilities in American businesses’ cyber security.
Colonial Pipeline announced last Saturday that a cyber attack had shut down all four of its main lines. By Monday evening, one line running from Greensboro, N.C. to Woodbine, Md. was operating under manual control for a limited time.
The pipeline runs from Texas to New Jersey, carrying 2.5 million barrels per day of gasoline and other fuels. The fuels make up 45 percent of the East Coast’s supply.
“I’m very surprised that we’re not hearing more about our critical infrastructures being attacked like this,” said Angel Kern, a cyber security lecturer at Penn State Harrisburg. “It happens more than we think and companies don’t want to talk about it because it’s embarrassing.”
The FBI confirmed the attack by performed by DarkSide. The shadowy ransomware group is believed to be run by a Russian cyber gang, President Joe Biden told reporters.
DarkSide said in a statement on its website that their goal is to make money, not create “problems for society.”
“Most of the time, the motivation behind ransomware attacks are money,” said John Sancenito, president of Information Network Associates, an international risk management, investigative and security consulting firm based in Harrisburg.
The pipeline shutdown has highlighted the risks faced by any company using the internet.
“You can’t stop it. All you can do is make it very difficult or very expensive for the black hackers or the criminals to do damage to your system,” said Ron Jones, professor of digital forensics and cyber security at Harrisburg University.
Businesses can protect themselves by making a comprehensive cyber security plan. That can include backing up data on another server, wrapping software in security coding called a firewall, and training employees to spot phishing scams.
“We call this the human firewall,” Jones said.
After an attack, however, sometimes the only option is paying the ransom to decrypt the stolen data.
“When companies pay a ransom and they get a decryption key, it goes through and it decrypts the data, but even decrypted data sometimes doesn’t put the network back together again,” said Sancenito. “It may give you access to critical files, but if your operating systems have been affected and encrypted, if your other software has been encrypted, it takes time to put that back together. And it may never be 100 percent.”
The time needed to recover Colonial Pipeline’s data could affect already rising gas prices.
“Gas prices might go up, especially in the East Coast but maybe everywhere,” said Shelia Dunn, communications director for the National Motorists Assocation.
In reaction to news of the attack, U.S. gasoline futures jumped more than 3 percent to $2.217 a gallon, the highest since May 2018.
Colonial Pipeline said in a statement Monday they had a “goal of substantially restoring operational service by the end of the week.”
The timing of restarting the pipeline is critical; if a partial restart of the pipeline begins by Wednesday, there would be no significant or lasting impact. But after that, the Southeast would start to see spot shortages and then significant fuel shortages.