Nearly three years ago, the Colonial Pipeline was attacked and shut down for six days, leading to a gas shortage. Washington, D.C., and 17 other states declared a state of emergency.

Panorama of the Colonial Pipeline under attack

Colonial Pipeline was hit by ransomware in May 2021, affecting several digital systems and forcing it to shut down for several days. The incident affected both consumers and airlines along the East Coast. It was considered a national security risk because the pipeline moves oil from refineries to industrial markets, prompting US President Joe Biden to declare a state of emergency.

The Colonial Pipeline is one of the largest and most important oil pipelines in the United States, opened in 1962 to help transport oil from the Gulf of Mexico to East Coast states. The system consists of more than 5,500 miles of pipeline, starting in Texas and running up to New Jersey, and is responsible for nearly half of the fuel on the East Coast. It supplies refined products including gasoline, jet fuel, and home heating oil.

Many gas stations in US states ran out of fuel due to the Colonial Pipeline system being shut down, May 2021. Photo: NBC News

On May 6, 2021, the DarkSide hacker group accessed Colonial Pipeline's network, stealing 100GB of data within 2 hours. They then infected the IT network with ransomware, affecting many computer systems, including accounting and billing.

Colonial Pipeline had to shut down the pipeline to prevent the ransomware from spreading. Security firm Mandiant was then called in to investigate the attack. The FBI, the Cybersecurity and Infrastructure Security Agency, the Department of Energy, and the Department of Homeland Security also participated.

On May 7, 2021, the largest pipeline company in the US had to pay a ransom of 75 Bitcoins worth about $4.4 million to hackers to get the decryption key. The pipeline was back in operation from May 12, 2021.

During a hearing before the US Congress on June 8, 2021, Charles Carmakal, Senior Vice President and Chief Technology Officer of Mandiant, said the attacker penetrated the network using a leaked password for a VPN account. Many organizations use VPNs to give employees remote access to secure corporate networks.

According to Carmakal’s testimony, a Colonial Pipeline employee apparently reused the VPN password on another account, and that password was somehow exposed in a separate data breach. Reusing a password across multiple accounts is a mistake many people make.

Also at the hearing, Colonial Pipeline CEO Joseph Blount explained why he decided to pay the ransom. At the time of the attack, he did not know how widespread the infection was or how long it would take to restore the system, so he made the decision in the hope of speeding up the recovery time.

The US Department of Justice, after tracing the payment, identified the digital address of the wallet used by the attacker and obtained a court order to seize the Bitcoin. As a result, the operation recovered 64 of the 75 Bitcoins, worth about $2.4 million.

“Legacy” of the Colonial Pipeline attack

This was the first time the United States took real notice of ransomware, forcing Congress to pass new laws and prompting many federal agencies to introduce new cybersecurity requirements. Ransomware attacks are not new; they had devastated governments, healthcare facilities, and schools before Colonial Pipeline fell victim. But the difference this time was the regional impact, according to Ben Miller, vice president of services at infrastructure security firm Dragos.

“I learned later that there is a certain level of attention when there is a real impact on people’s lives,” said Charles Carmakal, senior vice president at security firm Mandiant, which helped investigate the Colonial incident. “When it comes to gas and meat, people really care.”

Because of the Colonial Pipeline incident, many airlines ran short of fuel and operations at some airports were restricted. Concerns about a gasoline shortage caused panic among the public, leading to long lines at gas stations in many states. In addition, average prices at the pump also jumped because of the pipeline shutdown. In some states, people even filled plastic bags with gasoline, prompting the US Consumer Product Safety Commission to issue a warning to use only containers designed for gasoline.

The Colonial Pipeline attack forced everyone to take security risks seriously and implement policies that had previously been overlooked. Getting the federal government to prioritize critical infrastructure security requirements was a difficult task, according to Mike Hamilton, former chief information security officer for the City of Seattle.

Subsequent incidents in late 2021 – including one targeting meat producer JBS Foods – added pressure on policymakers, regulators, and executives. They were a catalyst for executives to review their own ransomware response plans. Miller said the interest in those response plans became much more detailed.

Still, regulation and industry change are needed. Wendi Whitmore, senior vice president of threat intelligence at Palo Alto Networks Unit 42, says there should be multilateral agreements between countries to crack down on ransomware.

(According to Axios, Tech Target)