Colonial Pipeline restarts operations after ransomware attack

It will move as much fuel as possible until markets return to normal.

Anadolu Agency via Getty Images

Colonial Pipeline will soon resume its normal operations after being forced to shut down due to a ransomware attack. The company has announced that it has initiated its return to service at 5PM Eastern time on May 12th. Since it will take some time to deliver gasoline and diesel to all the areas it serves, some locations may continue suffering from fuel shortage. Colonial promises to "move as much gasoline, diesel, and jet fuel as is safely possible," though, "until markets return to normal."

The pipeline company was targeted by the DarkSide ransomware group, which demanded nearly $5 million in bitcoin. Colonial is a major source of fuel for the East Coast, and the situation triggered fuel shortages. It didn't say whether it's now able to resume fuel shipments because it paid up, but according to CNN, Colonial was able to retrieve its most important data without payment changing hands. The company reportedly worked with US agencies to take a key server offline to disrupt the cyberattack, allowing it to restore its system from backups.

CNN says Colonial paused its operations, because its billing system was compromised in the attack. It had to fix the system first before it could restart its business, and that took some time to accomplish. Colonial didn't confirm whether that truly was the case and whether it paid anything to the attackers.

CISA and the FBI confirmed that DarkSide was used as a "ransomware-as-a-service" to attack the pipeline company. In "ransomware-as-a-service" arrangements, the ransomware's developers get a piece of whatever the affiliates (the actual cyberattackers) get. A CNN source said the affiliate in this attack was likely Russian. DarkSide, previously said, however, that it's apolitical and that all it wanted was to "make money."