The US government invoked emergency powers on Sunday after a top oil pipeline was hit by one of the worst ever cyberattacks.
Fuel pipeline operator Colonial Pipeline was knocked offline by a cybercriminal gang on Friday and forced to shut a critical fuel network supplying the east coast. The company is working to restore its service.
The emergency declaration means rules are relaxed for drivers transporting fuel and petrol in 18 states. Drivers can work extra or more flexible hours to make up for any fuel shortages.
The populous states affected include Alabama, Florida, New York, Texas, and Virginia.
The attack is one of the most disruptive digital ransom schemes reported and has prompted calls from American lawmakers to strengthen protections for critical US energy infrastructure from hacking attacks.
Commerce Secretary Gina Raimondo said the pipeline fix was a top priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart as quickly as possible its more than 5,500-mile (8,850 km) pipeline network from Texas to New Jersey.
“It’s an all-hands-on-deck effort right now,” Raimondo told CBS’ ‘Face the Nation’ programme.
“We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply”.
Colonial said on Sunday its main fuel lines remain offline but some smaller lines between terminals and delivery points are now operational. Neither Raimondo nor the company gave an estimate for a full restart date.
The investigation into the hacking is in its early stages but a former US official and three industry sources said the hackers are suspected to be a professional cybercriminal group called DarkSide.
DarkSide is a ransomware gang that extorts victims and claims it donates a portion of its money to charity. The group says it does not attack post-soviet states not hospitals, educational or government targets.
They work by gaining access to private networks, encrypting files using software, and often also steal data. They then demand payment to decrypt the files and increasingly ask for additional money not to publish stolen content.
In the Colonial attack, the hackers took more than 100 gigabytes of data, according to a person familiar with the incident.
As the FBI and other government agencies worked with private companies to respond, the cloud computing system the hackers used to collect the stolen data was taken offline Saturday, the person said.
Colonial’s data did not appear to have been transferred from that system anywhere else, potentially limiting the hackers’ leverage to extort or further embarrass the company.
Colonial said it was working with a “leading, third-party cybersecurity firm,” but did not name the company.
Messages left with the DarkSide hackers by Reuters were not immediately returned. The group’s dark website, where hackers regularly post data about victims, made no reference to Colonial Pipeline.
Colonial declined to comment on whether DarkSide hackers were involved in the attack, when the breach occurred or what ransom they demanded.
Will fuel prices be affected?
Experts, including the American Automobile Association (AAA), have warned that if the outage lasts several days it could have a significant impact on regional fuel supplies.
During previous Colonial outages, retail prices in southeastern states have risen substantially.
US gasoline futures jumped more than 3 per cent to $2.217 (€1.82) a gallon, the highest since May 2018, as trading opened on Monday and market participants reacted to the closure.
Colonial transports roughly 2.5 million barrels per day of gasoline and other fuels from refiners on the Gulf Coast to consumers in the mid-Atlantic and southeastern United States.
Its extensive pipeline network serves major US airports, including Atlanta’s Hartsfield Jackson Airport, the world’s busiest by passenger traffic.
A Charlotte Douglas International Airport spokesperson said the airport had supply on-hand and was “monitoring the situation closely,” adding that the complex is supplied by another major pipeline as well as Colonial.