On May 7, the Colonial Pipeline, a large artery pipeline for refineries in the Gulf of Mexico to the south and east of the US, was forced to shut down operations after its IT systems fell victim to a cyberattack. Today, the pipeline restarted operations as of about 5 p.m. Eastern time, given the shortage caused by the shutdown.
The Colonial Pipeline supports roughly 45 percent of the gasoline, coal, home heating oil, jet fuel and military supplies of the East Coast. Its shutdown led many to believe that a fuel shortage would be coming, leading many to panic-buy fuel and causing problems that will take several days for the "product delivery supply chain to return to normal," mentions the Washington Post.
Before it restarted operations, US White House press secretary Jen Psaki said that the government was monitoring supply shortages in the Southeast and "evaluating every action the Administration can take to mitigate the impact as much as possible." Amy Myers Jaffe, research professor and author of the book "Energy's Digital Future," mentions that "This is not a minor attack. This is not a nuisance hack. This is not a breach to security that has to be plugged. This is a major event."
According to ZDNet, the DarkSide group has claimed responsibility for the ransomware attack. The initial attack could have been caused by a phishing email, the use of access credentials obtained elsewhere or another tactic.
Gasoline Outages by state, percent of all stations without gasoline, as of 3pm CT:— Patrick De Haan ⛽️📊 (@GasBuddyGuy) May 12, 2021
This event highlights the importance of cybersecurity nowadays but Mexican companies have also fallen victim to ransomware attacks. In late-2019, a group of cybercriminals hijacked a series of computers at Mexico’s oil firm PEMEX and crashed its servers, reports El Economista. The hackers asked for 565 bitcoins (US$4.9 million at the time) to liberate the information.
Ransomware attacks have become more common during the past year. As mentioned by Claudio Martinelli, Managing Director of Latin America Kaspersky and MBN contributor, one of the most common risks during the last 12 months has been attacks against the protocols used by employees to access corporate resources remotely. He states that as companies continue working remotely it is necessary to make home office assessment and certification a must. "However, these (risks) can be overcome by taking proactive actions to ensure an organization remains protected. These include gaining a full understanding of how specific threats are being carried out and where they are coming from, ensuring the protection of the data stored in third-party services, equipping remote employees with the right security solutions and policies to keep their home office networks safe and secure."