The largest gasoline pipeline in America is returning to service, recovering from a cyberattack late Friday that raised pump prices and choked fuel supplies across the eastern U.S.
The Colonial Pipeline — a critical source of gasoline and diesel for the New York area and the rest of the East Coast — was set to restart around 5 p.m. Eastern time, according to a company statement.
The Alpharetta, Georgia-based operator said over the weekend that it was forced to take systems offline on May 7 in response to the ransomware attack. Even with full service restored, it will take about two weeks for gasoline stored in Houston to reach East Coast filling stations.
Gasoline stations from Florida to Virginia are running dry. In parts of the U.S. South, three in every four gas stations had no fuel as of Wednesday, while in Washington, D.C., cars were lining up for blocks as they waited to fill up.
U.S. pump prices have topped $3 a gallon for the first time in six years. Colonial each day normally ships about 2.5 million barrels (105 million gallons), an amount that exceeds the entire oil consumption of Germany.
The supply disruptions underscore just how vulnerable America’s fuel supply system has become in the wake of increased attacks on energy infrastructure by hackers over the past few years.
Colonial was just the latest example of critical infrastructure being targeted by ransomware. Hackers are increasingly attempting to infiltrate essential services such as electric grids and hospitals.
The escalating threats prompted the White House to respond last month with a plan to increase security at utilities and their suppliers. Pipelines are a specific concern because of the central role they play in the U.S. economy.
The attack on Colonial came just as the nation’s energy industry is preparing for summer travel and as fuel demand rebounds from pandemic-related lockdowns.
It was reminiscent of a 2018 cyberattack that brought down a third-party communications system used by several natural gas pipelines operators across the U.S. That hack didn’t halt actual gas flows, but it delayed utility billing and made it challenging for traders to forecast supplies.
The Federal Bureau of Investigation attributed the breach to ransomware created by a group called DarkSide. Some evidence emerged linking DarkSide to Russia or elsewhere in Eastern Europe. President Joe Biden said Russia has “some responsibility” to address the attack but stopped short of blaming the Kremlin, saying “there’s evidence” the hackers or the software they used are “in Russia.”
This isn’t the first time Colonial has been forced to shut down. In 2016, an explosion kept the system offline for days, raising gasoline prices and forcing the New York Harbor market to become more dependent on imports of fuel from overseas.
Colonial has the capacity to ship about 2.5 million barrels a day on its system stretching from Houston to North Carolina and another 900,000 barrels a day to New York.
Ransomware cases involve hackers seeding networks with malicious software that encrypts the data and leaves the machines locked until the victims pay the extortion fee, which can range from a few hundred dollars to millions of dollars in cryptocurrency.
Utilities’ information technology networks, which run email and other routine functions, and operational technology networks, which control the actual functioning of the delivery of electricity or natural gas, are typically kept mostly separate, which is what made Colonial’s decision to temporarily shut down both so unusual.