US Colonial pipeline restart advances smoothly

Colonial Pipeline, the operator of the biggest US refined oil products system, said May 13 the entire network was now back in service. But it made no mention of the alleged payment to cybercriminals who disrupted operations.

The 8,850-km Colonial pipeline was the target of a ransomware attack May 7, which halted operations on a network that meets about half of the East Coast demand . A cyberattack early in the week shut down the company’s website.

The company started the resumption of service on May 12, but noted some customers may continue to see short-term disruptions.

“Colonial Pipeline has continued to make substantial progress in safely restarting our pipeline system,” the company said May 13. “We can now report that we have restarted our entire pipeline system and that product delivery has commenced to all markets we serve.” But it warned of the possibility of disruptions along some parts of the network.

Citing two anonymous sources familiar with the matter, the Bloomberg news service reported May 13 that the pipeline company paid nearly $5mn to the hackers on the same day as the attack, despite earlier reports to the contrary. White House spokesperson Jen Psaki said that ran counter to federal policy.

“It continues to be the position of the federal government, the FBI, that it is not in the interests of the private sector for companies to pay ransom because it incentivises these actions,” she told reporters May 13.

A report published May 14 by The Soufan Center, a research group led by former FBI agent Ali Soufan, warned that would-be cybercriminals will almost certainly be incentivised by the payment of ransom. “Indeed, attacks may spur follow-on attacks, especially once other criminal groups realize exactly how vulnerable certain critical infrastructure might be to ransomware,” the report read.