The operator of the largest U.S. fuel pipeline said it had restored service to most of its system and expected to fully resume operations Thursday, following a cyberattack that forced its closure.
The shutdown had spurred a run on gasoline stations across several southeast and lower mid-Atlantic states, raising the average U.S. gasoline price to the highest in 6½ years.
Colonial Pipeline Co., operator of the 5,500-mile conduit for gasoline, diesel fuel and other refined products to the East Coast, said it expects fuel to arrive by midday across the area.
The Colonial Pipeline supplies about 45% of the fuel consumed on the East Coast, according to the company’s website. It runs from the Gulf Coast to Linden, N.J.
Thousands of gas stations across several southeastern states ran dry this week as drivers waited in long lines for fuel. On Thursday, the average U.S. price of a gallon of gasoline rose to $3.03 a gallon.
It isn’t the first cyberattack that the U.S. energy industry has suffered, but it is a dramatic example of what can happen when malicious software affects the computer systems of an energy company. The energy industry is a big target, with 2.5 million miles of pipelines and a vast array of sensors, valves, leak-detection tools and other systems linked not only to pipelines but also to refineries and power plants.
How is the incident affecting gasoline prices?
Fuel prices, which had already been climbing before the shutdown as demand recovers from the coronavirus pandemic, have shot up with drivers along the East Coast flocking to gas stations and running many of them dry. On Wednesday, the national average price of a gallon of regular, unleaded gasoline rose to a 6½-year high above $3, AAA showed. Prices started the year around $2.25 a gallon.
Prices have advanced in many states, but the increases have been pronounced in states that are heavily dependent on Colonial Pipeline for fuel. As of Thursday morning, 68% of gas stations in North Carolina had run dry, according to fuel and price tracker GasBuddy, which collects data from drivers that report such outages. In Georgia, 49% had run out of fuel; in South Carolina, 52%; in Virginia, 54%.
Scenes on social media and television of lines and gas stations running out of fuel have made the run on gas even more severe, analysts say, even in states such as Florida that don’t receive much supply from the Colonial pipeline. Governors in several states, including North Carolina, Georgia, Virginia and Florida, have declared states of emergency in response to the shortages. Energy Secretary
on Tuesday urged consumers not to panic-buy fuel.
What happened to the Colonial Pipeline?
Colonial said Friday it discovered it had been hit by a cyberattack and took some systems down to isolate the threat, temporarily halting fuel flows on the pipeline. It later said it found that the cyberattack involved ransomware, a type of code that attempts to seize computer systems and demand payment from the victim to have them unlocked.
The Alpharetta, Ga.-based pipeline company, owned by units of IFM Investors, Koch Industries Inc., KKR & Co. and
Royal Dutch Shell
PLC, said it is working to restore information-technology systems and developing a plan to start the pipeline up when it has approval from federal regulators.
So far, no evidence has emerged that the attackers penetrated the vital control systems that run the pipeline, according to people familiar with the matter. But because this deeper layer of controls is vulnerable to cyberattacks, spreading the infection could have dire consequences.
How often do these attacks occur?
The Colonial Pipeline attack was a high-profile example of the kind of assaults that U.S. companies, schools, hospitals and other organizations deal with every day. Ransomware assaults have become more frequent and more brazen since the pandemic began.
In 2020, energy companies sustained the third-largest number of cyberattacks of any industry, up from ninth place the previous year, as cybercriminals ramped up assaults on firms with software connected to operational control systems. Operational control systems run the physical equipment at power plants, pipelines and refineries and are vulnerable to cyberattacks.
Who are the DarkSide hackers who allegedly led the cyberattack?
The Federal Bureau of Investigation said on Monday that the hacking group DarkSide was responsible for the attack on Colonial’s networks, and that it is working with the company and other government agencies on the investigation. Cybersecurity investigators involved in responding to the cyberattack had viewed DarkSide as a leading suspect in the attack, according to people familiar with the matter.
According to the cybersecurity firm Cybereason, DarkSide is an organized hacking group linked to Eastern European countries in the former Soviet Bloc, wielding a new strain of ransomware to target victims and demand ransoms typically between $200,000 and $2 million.
The DarkSide group’s ransomware first came to light last August, and the group has relatively quickly “established a reputation for being a very ‘professional’ and ‘organized’ group that has potentially generated tens of millions of dollars in profits from the ransomware,” Cybereason said in an April report.
Write to Collin Eaton at firstname.lastname@example.org and Amrith Ramkumar at email@example.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8