NEW YORK (Reuters) – Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network, which supplies fuel from U.S. refiners on the Gulf Coast to the eastern and southern United States, after a cyber attack that industry sources said was caused by ransomware.
The company transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 5,500 miles (8,850 km) of pipelines, and transports 45% of East Coast fuel supply.
Colonial shut down systems to contain the threat after learning of the attack on Friday, it said in a statement. That action has temporarily halted operations and affected some of its IT systems, the company said.
While the U.S. government investigation is in its early stages, one former U.S. government official and two industry sources said the hackers are most likely a highly professional cybercriminal group. Investigators are looking into whether a group dubbed “DarkSide” by the cybersecurity research community is responsible.
DarkSide is known for deploying ransomware and extorting victims, while selectively avoiding targets in post-Soviet states.
The malicious software used in the attack was ransomware, two cybersecurity industry sources familiar with the matter said. Ransomware is a type of malware that is designed to lock down systems by encrypting data and demanding payment to regain access. The malware has grown in popularity over the last five years.
Colonial has engaged a third-party cybersecurity firm to launch an investigation and contacted law enforcement and other federal agencies, it said.
Cybersecurity company FireEye has been brought in to respond to the attack, the cybersecurity industry sources said. FireEye declined to comment when asked if it was working on the incident.
Colonial did not give further details or say for how long its pipelines would be shut.
“Cybersecurity vulnerabilities have become a systemic issue,” said Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity.
“Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants,” Pipikaite added.
Reuters reported earlier on Friday that Colonial had shut its main gasoline and distillate lines.
During the trading session on Friday, Gulf Coast cash prices for gasoline and diesel edged lower.
Both gasoline and diesel futures on the New York Mercantile Exchange rose more than crude prices during the day. Gasoline futures gained 0.6% to settle at $2.1269 a gallon, while diesel futures rose 1.1% to settle at $2.0106 a gallon.
“The fact that this attack compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated or the systems were not well secured,” said Mike Chapple, a professor at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the U.S. National Security Agency.
Longer-term price effects will depend on the amount of time that the lines are shut. If barrels are not able to make it onto the lines, Gulf Coast prices could weaken further, while benchmark prices in New York Harbor could rise, one market participant said. Rising benchmark prices are typically followed by price hikes at the pump.
Colonial shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. That contributed to tight supplies and gasoline price rises in the United States after the hurricane forced many Gulf refineries to shut down.
East Coast gasoline cash prices rose to the highest since 2012 during Hurricane Harvey and have not gone higher since, while diesel prices rose to a more than two-year high, Refinitiv Eikon data showed.