Reports of second cyberattack on Colonial Pipeline false, company says
In an aerial view, fuel holding tanks are seen at Colonial Pipelines Dorsey Junction Station on May 13, 2021 in Woodbine, Maryland. The Colonial Pipeline has returned to operations following a cyberattack that disrupted gas supply for the eastern U.S
ALPHARETTA, Ga. - Colonial Pipeline, the nation’s largest fuel pipeline, says reports of another ransomware attack are not true.
The Alpharetta-based company, which delivers about 45% of the gasoline consumed on the East Coast, says data posted online appear to be from a third-party vendor and not originating from within the company itself.
The statement released late Friday reads:
"Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After working with our security and technology teams, as well as our partners at CISA, we can confirm that there has been no disruption to pipeline operations and our system is secure at this time. Files that were posted online initially appear to be part of a third-party data breach unrelated to Colonial Pipeline."
The pipeline, which plays a key role in transporting gasoline, jet fuel, diesel and other petroleum products from Texas all the way to the Northeast, was attacked in 2021 which shut down the flow of fuel for just under a week.
What is a ransomware attack?
Ransomware scrambles data that can only be decoded with a software key after the victim pays off the criminal perpetrators. Hospitals, schools, police departments and state and local governments are regularly hit.
Such attacks are difficult to stop in part because they’re usually launched by criminal syndicates that enjoy safe harbor abroad, mostly in former Soviet states. An epidemic of ransomware attacks has gotten so bad that Biden administration officials deemed them a national security threat.
Experts say the attack on the Colonial Pipeline also underscored the vulnerabilities of the nation's energy sector, and other critical industries whose infrastructure is largely privately owned.
Colonial Pipeline hit with cyberattack in 2021
The Colonial Pipeline was hit by a ransomware attack in May 2021, which shut down the entire pipeline.
DarkSide, which is a Russian-based criminal gang that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, was believed to be behind it.
The U.S. Justice Department said it has recovered $2.3 million in cryptocurrency paid as a ransom to hackers responsible.
The attack caused a fuel outage for nearly a week and prompted an emergency declarations in about 17 states.
The outage impacted drivers in Alabama, Florida, Georgia, Maryland, North Carolina, South Carolina, Tennessee and Virginia, not to mention flights overseas out of Hartsfield-Jackson Atlanta International Airport.
Two years after the attack, the Cybersecurity and Infrastructure Security Agency released a report on what was learned and what has been done to prevent such attacks from happening again.
The Associated Press contributed to this report.