Drivers all along the East Coast and southeastern United States last week were transported back to the 1970s as gas shortages began to multiply throughout the region. The shortages resulted after suspected Russian hackers installed ransomware on a computer system of the operators of the Colonial Pipeline, forcing them to shut down the pipeline’s operations.
The Colonial Pipeline is the largest refined oil products pipeline in the US, with the main line and its branches totaling over 5,500 miles of pipe. It delivers 45% of the East Coast’s gasoline, so a shutdown of the pipeline is a big deal.
Even though the pipeline shut down over a week ago, it took days for most people to realize just how important that was. And as news media began promoting fear of a gasoline supply shortage, panicked drivers rushed to gas stations to top up their tanks and fill gas cans. The result was a major gas shortage all across the southeastern United States, with nearly half of gas stations in Virginia and North Carolina out of fuel, and metropolitan areas such as Charlotte seeing three-quarters of their gas stations running dry.
The hackers didn’t even target the computer systems that actually run the pipeline, they attacked administrative and accounting systems. But those systems going down meant that the company couldn’t figure out which fuel was supposed to go where, which trucks were supposed to pick up what, etc., and so the company had to scramble to get back online.
Unfortunately, the company paid the ransom in $5 million worth of cryptocurrency, but the decrypting tool was so slow that the company continued to rely on its own backups. That payment will only further incentivize more attacks. The hackers themselves gave a semi-apology, saying they just wanted money and didn’t intend to cause such a major supply disruption.
But the incident has underscored the importance of IT security, and the fact that taking down even relatively minor computer systems can cripple the country. Now just imagine if this had been a nefarious state actor rather than monetarily motivated hackers. Unless we get serious about IT security, we’re going to see many more incidents like this in the future.