Friday night's cyberattack is "the most significant, successful attack on energy infrastructure" known to have occurred in the US. More than 5,500 miles of pipeline have been shut down in response to the attack.
Fuel prices are likely to rise 2-3 percent but the impact will be far worse if it goes on for much longer.
Colonial Pipeline said it is working with law enforcement, cyber-security experts and the Department of Energy to restore service. On Sunday evening it said that although its four mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational.
Apparently, there is a lot of fuel now stranded at refineries in Texas which will be a big problem. A temporary waiver issued by the Department of Transportation enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline's capacity.
The criminal group responsible for the attack was a Russian outfit called DarkSide. DarkSide typically targets non-Russian speaking countries. It often freelances for the Kremlin, but this appears to be a criminal extortion scam.
Citing multiple sources, the BBC reports that DarkSide infiltrated Colonial's network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.
Digital Shadows thinks the Colonial Pipeline cyber-attack has come about due to the coronavirus pandemic — the rise of engineers remotely accessing control systems for the pipeline from home. James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.