Colonial Pipeline Says Its Shipping Communications System Is Down

Colonial Pipeline Says Its Shipping Communications System Is Down
In an aerial view, fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station in Washington on May 13, 2021. (Drew Angerer/Getty Images)
Jack Phillips
5/18/2021
Updated:
5/18/2021

After becoming a victim of a days-long ransomware attack last week, Colonial Pipeline confirmed to news outlets Tuesday that its shipping communications system is down.

The firm operating the pipeline said the issue was not caused by the ransomware attack.

“Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process. These issues were not related to the ransomware or any type of reinfection,” the firm said in a statement.

The company continued to say that it is “working diligently to bring our nomination system back online and will continue to keep our shippers updated,” adding that the 5,500-mile-long pipeline system is still “deliver[ing] refined products as nominated by our shippers.”

The ransomware attackers—later identified by the FBI and White House officials as a cybercriminal group called Darkside said to be operating in Russia—reportedly demanded $5 million from the pipeline operator to restore its service, although it hasn’t been confirmed by either Colonial or Darkside. Colonial said in an update last week that its pipeline infrastructure systems were not compromised in the hack and shut down the system as a precaution.

Colonial announced last week that it had returned service to the pipeline. The outage prompted gas and fuel shortages in Washington, Maryland, North Carolina, Georgia, and several other states—prompting President Joe Biden to call on Americans not to hoard gas or panic-buy fuel.

Darkside also said around the same time that it is stopping operations, saying in a Russian statement that it lost access to part of its infrastructure and financial assets.

“In view of the above and due to the pressure from the U.S., the affiliate program is closed. Stay safe and good luck. The landing page, servers, and other resources will be taken down within 48 hours,” the announcement read, according to a translation by Intel 471, a group of intelligence operators.

Before, Darkside released a statement cited by news outlets that it is apolitical and only “wants to make money.”

But some security researchers expressed skepticism about Darkside’s announcement and noted the group could be disbanding for a temporary period of time to avoid law enforcement scrutiny.

Biden, separately, told reporters last week that he would be speaking to Russian President Vladimir Putin about the hack, but he suggested there was “no evidence” Kremlin had anything to do with the ransomware breach. However, he suggested that the Russian government bears some responsibility.

“So far there is no evidence … from our intelligence people, that Russia is involved, although there’s evidence that the actors’ ransomware is in Russia,” the president said, citing a report he received from the FBI.

The Epoch Times has contacted Colonial for comment.

Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter
Related Topics