On May 7, 2021, Colonial Pipeline issued a press release stating that it had been subject to a cybersecurity attack involving ransomware. As a precaution and to ensure that susceptible parts of the pipeline were not vulnerable to any further attacks, the company temporarily shut down its pipeline.
Colonial Pipeline is the major supplier of gasoline, diesel, and jet fuel from Texas to New Jersey. Its pipeline spans 5,500 miles and supplies about 45% of the East Coast's fuel. Being forced to temporarily suspend operations because of a ransomware attack caused public panic, with many fearing that the country could run out of gas. This fear, made worse by social media posts, resulted in long lines at gas stations, with some running out of fuel.
To restore operations as quickly as possible, Colonial Pipeline stated that it had enlisted the services of a third-party cybersecurity firm. They worked to secure the company's servers and restore data using backups and rebuilding systems where necessary.
Still, it was five days before Colonial Pipeline was able to begin a phased restart of its operations. On May 12, 2021, the company announced that it would be several days before functions would return to normal. It noted that its focus was on facilitating a "safe and efficient restoration of services," and it expected to see service interruptions throughout the restart process. It was not until May 13, 2021, that the entire pipeline was back up and running.
What Is Ransomware?
The Colonial Pipeline ransomware attack is one of the most notable, causing serious disruptions within the company and across the country. However, it is not the only company ever to be hit by this type of cybercrime, and it very likely will not be the last.
Ransomware attacks are quite common. In 2020, the FBI's IC3 received 2,474 complaints that resulted in financial losses of $29.1 million. These attacks work by delivering malicious software (malware) to a victim's computer or network. Once the malware runs on the victim's computer, it encrypts their files and systems, rendering them inaccessible or unusable.
The attacker then sends a notification to the user, informing them that their system has been encrypted and the only way to regain access is by paying a ransom for the decryption key. They also threaten to hold the data hostage or leak it if the user does not pay the ransom.
Often, the attacker demands payment in the form of cryptocurrency, increasing anonymity. Ransoms for decryption keys range from thousands to millions of dollars. According to the Institute for Security and Technology's Ransomware Task Force, in 2020, users paid $350 million in ransom.
Colonial Pipeline had declined to say whether it had paid for the decryption key. However, Bloomberg reported that the company paid $5 million in ransom, but the decryption tool it received was so slow that the company resorted to its own backups to restore its systems.
Attackers deliver malware to users in various ways, such as through phishing schemes or exploiting security weaknesses. Ransomware attacks continually evolve, and, according to the New York Times, 2020 saw an increasing number of sophisticated offenses.
Although anyone connected to the Internet may be subject to a ransomware attack, attackers target certain industries more than others. This is likely because these crimes can cripple critical systems and data, making it impossible to continue operations, and companies are likely to pay more than individuals to obtain the decryption tool.
According to a BlackFog report, the most targeted industries are:
Are Ransomware Attacks Illegal?
Both state and federal laws prohibit the underlying behavior associated with ransomware attacks. Because of the nature of these crimes, a person alleged to have engaged in such conduct will likely be prosecuted under federal statutes.
A few potential federal charges include:
- Conspiracy to commit fraud in connection with computers
- Intentional damage to a protected computer
- Transmitting a demand in relation to damaging a protected computer
The FBI confirmed that it is working with other law enforcement agencies on the Colonial Pipeline matter. In a press release, it stated that the group Darkside was responsible for the ransomware attack.
The difficulty with cybercrimes like ransomware attacks is that the offenders typically route their activity through various systems and channels to conceal their identities. Thus, an innocent person may find themselves under investigation for, or accused of, a cybercrime because their IP address or other identifying information was linked to an offense.