Colonial Pipeline restarts operations brought down by ransomware

Colonial said it will take “several days” for the pipeline’s deliveries to return to normal.
Written by Tiernan Ray, Senior Contributing Writer

Colonial Pipeline, the operator of one of the largest pipelines in the United States for refined petroleum products, said Wednesday evening that it had restarted operations that had been interrupted by a ransomware attack on May 7th.

"Colonial Pipeline initiated the restart of pipeline operations today at approximately 5 p.m. ET.," said the company in a posting on its Web page that has provided updates since Saturday. 

Said Colonial, "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."

Colonial first announced Saturday that it proactively shut down operations after being infiltrated by ransomware software that encrypted the company's files. 

The pipeline provides roughly 45% of the East Coast's fuel. In the days following the attack, stocks of gasoline have run out across swaths of the Eastern U.S. seaboard, in states such as North Carolina and Virginia, prompting panic buying by motorists.

Law enforcement and security specialists quickly pointed to the underworld organization DarkSide as the source of the ransomware code used, and DarkSide subsequently claimed responsibility for the attack. DarkSide operates as a "ransomware-as-a-service" cloud computing business.

Security firm FireEye has documented the nature of the DarkSide code, based on a forensic analysis of the exploit, as well as the groups that appear to have been participating in the attack using the code.

Also Wednesday, the White House announced that U.S. President Joe Biden signed an executive order calling for a number of measures to "improve the nation's cybersecurity and protect federal government networks."
