What we know about the Colonial Pipeline ransomware cyberattack

The latest on who is behind it, how it could impact gas prices and more.

May 10, 2021, 4:06 PM

A cybersecurity attack targeting operators of a major East Coast fuel pipeline has left the nation reeling, exposing the vulnerabilities of critical infrastructure to new threats while also leaving many Americans with more questions than answers.

Colonial Pipeline said on Saturday that it was the victim of a cyberattack involving ransomware and had "proactively" halted all pipeline operations as a result. The 5,500-mile pipeline system transports approximately 45% of all fuel consumed on the East Coast, according to its website, and runs from Texas to New Jersey.

President Joe Biden acknowledged the ransomware attack during remarks on Monday, saying his administration has been tracking the incident "extremely carefully" and that he has been "personally briefed every day" on it.

PHOTO: Holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey.
Colonial Pipeline/via Reuters, File

Eric Goldstein, the executive assistant director for cybersecurity at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), told ABC News in an interview on Monday that Americans should not expect any "shortfalls" from the hack.

"They expect resolution of this issue in the near future and shortfalls that will affect the American people are not anticipated," Goldstein said.

Here is what to know about the Colonial Pipeline cyberattack, including the latest on who is behind it and how it could potentially impact gas prices.

Who is behind the cyberattack?

The Federal Bureau of Investigation confirmed in a statement Monday that Darkside ransomware was responsible for the compromise of the Colonial Pipeline networks.

The FBI added that it will continue to work with the company and government partners on the ongoing investigation.

The Darkside criminal organization operates in Eastern Europe. While federal officials are still trying to determine whether a foreign nation could be involved in the cyberattack, Russian intelligence has been known to cooperate with Eastern European cybercriminals in the past.

"It is always a concern when any adversary, nation state or criminal group targets an American business or critical infrastructure and particularly, although not exclusively, when that effort results in disruption of a critical function or service," CISA's Goldstein told ABC News.

"We are deeply focused on making sure that every organization in this country takes steps to minimize the risks to their networks and has the ability to recover quickly, regardless of the actors involved, because we know that there are so many groups out there that are attempting these kind of intrusions," he added.

Goldstein did not say whether authorities have identified Darkside as working for a foreign country.

President Biden said during remarks Monday that there is currently "no evidence" that Russia is involved in the cyberattack.

"Although, there is evidence that the actors’ ransomware is in Russia," the president added. "They have some responsibility to deal with this."

PHOTO: Fuel tanks are seen at a Colonial Pipeline breakout station in Woodbine, Md., May 8, 2021. A cyberattack forced the shutdown of 5,500 miles of Colonial Pipeline's sprawling interstate system, which carries gasoline and jet fuel from Texas to New York.
Jim Lo Scalzo/EPA via Shutterstock

When will the pipeline be operational again?

Colonial Pipeline said in a statement Monday that it is executing a phased plan to incrementally return to service, with "the goal of substantially restoring operational service by the end of the week."

The company said it will be providing updates as the restoration efforts progress.

"Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time," the company said. "In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely."

How will this impact gas prices?

Patrick DeHaan, the head of petroleum analysis at GasBuddy, told ABC News Monday that the pipeline shutdown will likely not impact the price at the pump for most Americans.

"It certainly creates some logistical challenges in the Southeast, and it may create price increases modestly in the Southeast, but there is not an impending spike coming nationally," he said. "This is not an outage of a refinery that produces gasoline and so supply is not disrupted for the rest of the nation that is not served by the Colonial Pipeline."

"This is evolving, but for now this is not going to be a national issue or have a national effect on gas prices," he added.

DeHaan predicts that motorists in the Southeast, from northern Florida to Virginia, may see slight increases of between 5 and 15 cents per gallon at most. For now, DeHaan recommends that drivers in these areas conserve as much as possible, which could help "bring a much more rapid conclusion to this once the pipeline reopens."

"My advice to motorists is not to panic buy and make the situation much worse," DeHaan added. "If motorists do panic and rush out to fill up that could make prices spike more significantly and make outages more severe."

What is the federal government doing to help?

PHOTO: Homeland Security Advisor and Deputy National Security Advisor Dr. Elizabeth Sherwood-Randall speaks about the Colonial Pipeline outage following a cyber attack during the daily press briefing at the White House in Washington, May 10, 2021.
Kevin Lamarque/Reuters

Homeland Security Advisor and Deputy National Security Advisor Elizabeth Sherwood-Randall said during a White House press briefing Monday that the Biden administration is assisting Colonial through a "whole of government effort" involving a slew of agencies being led by the Department of Energy.

"Colonial is responsible for safely returning the pipeline to service, and our role in the federal government is to take proactive steps to analyze the impacts of the shutdown on the delivery of gasoline, diesel and aviation fuel in states that are dependent on the pipeline, and to identify federal options for alleviating supply shortfalls, should they develop," Sherwood-Randall said.

"For example, to help address potential supply disruptions, the Department of Transportation issued an hours-of-service waiver yesterday, which provides greater flexibility to drivers transporting gasoline, diesel, jet fuel, and other refined petroleum products across 17 states as well as the District of Columbia," she added. She emphasized there is not a supply shortage currently.

PHOTO: Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberg speaks about the Colonial Pipeline outage following a cyber attack during the daily press briefing at the White House in Washington, May 10, 2021.
Kevin Lamarque/Reuters

Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberg said at the same press briefing that they are "actively engaged with the company and offering support as needed to restore their systems."

"Right now, they've not asked for cyber support from the federal government, but we remain available to meet their cybersecurity needs," she added.

Neuberg demurred when asked if Colonial had paid a ransom to the hackers, saying, "Colonial is a private company, and we’ll defer information regarding their decision on paying a ransom to them."
