Nearly three years ago, the Colonial Pipeline was attacked and shut down for six days, leading to a gas shortage. Washington, D.C., and 17 other states declared a state of emergency.
Overview of the Colonial Pipeline attack
Colonial Pipeline was hit by ransomware in May 2021, affecting several digital systems and forcing it to shut down for several days. The incident affected both consumers and airlines along the East Coast. It was considered a national security risk because the pipeline moves oil from refineries to industrial markets, prompting US President Joe Biden to declare a state of emergency.
The Colonial Pipeline is one of the largest and most important oil pipelines in the United States, opened in 1962 to help transport oil from the Gulf of Mexico to the East Coast. The system consists of more than 5,500 miles of pipeline, starting in Texas and running through New Jersey, and is responsible for nearly half of the fuel on the East Coast. It supplies refined oil for gasoline, jet fuel, and home oil.
On May 6, 2021, the DarkSide hacker group accessed Colonial Pipeline's network, stealing 100GB of data within 2 hours. They then infected the IT network with ransomware, affecting multiple computer systems, including accounting and billing.
Colonial Pipeline had to shut down the pipeline to stop the ransomware from spreading. Security firm Mandiant was then called in to investigate the attack. The FBI, Cybersecurity and Infrastructure Security Agency, Department of Energy, and Department of Homeland Security also participated.
On May 7, 2021, the largest pipeline company in the US had to pay a ransom of 75 Bitcoins worth about $4.4 million to hackers to get the decryption key. The pipeline was back in operation from May 12, 2021.
During a hearing before the US Congress on June 8, 2021, Charles Carmakal, senior vice president and chief technology officer of Mandiant, said the attacker penetrated the network using a leaked password from a VPN account. Many organizations use VPNs to access secure corporate networks remotely.
According to Carmakal’s testimony, a Colonial Pipeline employee apparently shared a VPN password with another account, but that password was somehow exposed in another data breach. Sharing a password across multiple accounts is a mistake many people make.
Also at the hearing, Colonial Pipeline CEO Joseph Blount explained why he decided to pay the ransom. At the time of the attack, he did not know how widespread the infection was or how long it would take to restore the system. Therefore, he made the decision in the hope of speeding up the recovery time.
The US Department of Justice, after tracing the payment, discovered the digital address of the wallet used by the attacker and obtained a court order to seize the Bitcoin. As a result, the operation recovered 64/75 Bitcoins worth about $2.4 million.
The “Legacy” of the Colonial Pipeline Attack
Ransomware is the first time the nation has taken notice of it, forcing Congress to pass new laws and spurring federal agencies to adopt new cybersecurity requirements. Ransomware attacks are not new—they’ve devastated governments, healthcare facilities, and schools before Colonial Pipeline. But the difference is the regional impact, said Ben Miller, vice president of services at infrastructure security firm Dragos.
“I learned later that there is a certain level of attention when there is a real impact on people’s lives,” said Charles Carmakal, senior vice president at security firm Mandiant, which helped investigate the Colonial incident. “When it comes to gas and meat, people really care.”
The Colonial Pipeline incident left many airlines short of fuel and some airports restricted. Concerns about gasoline shortages caused panic and long lines at gas stations in many states. Average prices at the pump also skyrocketed due to the pipeline outage. In some states, people were even pouring gasoline into plastic bags, prompting the U.S. Consumer Product Safety Commission to issue a warning to only use designated containers for gasoline.
The Colonial Pipeline attack forced everyone to take security risks seriously and adopt policies that had previously been overlooked. Getting the federal government to prioritize critical infrastructure security requirements was a difficult task, according to Mike Hamilton, former chief information security officer for the city of Seattle.
Subsequent incidents in late 2021—including one targeting meat producer JBS Foods—put more pressure on policymakers, regulators, and executives. They were a catalyst for executives to review their own ransomware response plans. Miller said the level of interest in response plans became much more detailed.
Still, regulation and industry change are needed. Wendi Whitmore, senior vice president of threat intelligence at Palo Alto Networks Unit 42, said there should be multilateral agreements between countries to crack down on ransomware.
(According to Axios, Tech Target)
Source
![[Photo] Looking back at the impressive moments of the Vietnamese rescue team in Myanmar](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/11/5623ca902a934e19b604c718265249d0)
![[Photo] Summary of parade practice in preparation for the April 30th celebration](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/11/78cfee0f2cc045b387ff1a4362b5950f)
![[Photo] Phuc Tho mulberry season – Sweet fruit from green agriculture](https://vstatic.vietnam.vn/vietnam/resource/IMAGE/2025/4/10/1710a51d63c84a5a92de1b9b4caaf3e5)
Comment (0)