The oil and gas pipeline that is the subject of a ransomware attack will not return to service in any meaningful way until the end of the week, the pipeline operator said on Monday.
Colonial Pipeline, as operator, will restore the pipeline operations in “a phased approach”, Colonial said in a statement on its website.
“Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time. In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely,” the statement read in part.
Colonial added that the situation “remains fluid and continues to evolve.”
The attack on a piece of critical infrastructure in the United States has caused the U.S. government to declare a state of emergency, but on a broader scale, it highlights the growing importance for critical infrastructure to ramp up digital security to match today’s digital threats.
There have been several oil- and gas-related cyberattacks across the world over the last few years, including an attack on Pemex in 2019 that completely ground Pemex’s administrative operations to a halt. Other energy victims include Portugal’s Energy Giant EDP, Italy’s Saipem, Energy Transfer Partners, Boardwalk Pipeline Partners, and Oneok.
The Colonial Pipeline operates the country’s largest fuel pipeline, and since the attack, all operations were halted as of Friday. All four main lines continue to lay idle.
The FBI attributed Friday’s attack to something known as the DarkSide. The DarkSide ransomware is supposedly run by a Russian cybercrime gang also known as DarkSide.