Cybersecurity Experts Warn Colonial Pipeline Ransomware Attack Is No Anomaly

Energy infrastructure experts say fuel shipments should return to normal in Atlanta by this weekend. That’s after a ransomware attack shut down Alpharetta-based Colonial Pipeline’s vital fuel artery last week.

But those who study critical infrastructure and cybersecurity say the coronavirus pandemic has already left the energy industry vulnerable.

University of North Georgia computer science professor Bryson Payne directs UNG’s Center for Cyber Operations Education. He told WABE’s “All Things Considered” producer Lily Oppenheimer that Colonial Pipeline was forced to pay its attackers a ransom in what is called a “double-extortion” attack.

The FBI has said the hack was carried out by Darkside, a veteran criminal cyber group with roots in Russia and Eastern Europe. News broke this week that Colonial paid its attackers a ransom of $5 million almost immediately.

In a statement written in Russian and provided to the New York Times on Friday, Darkside announced that it is shutting down, “due to the pressure from the U.S.” Darkside told the Times the group’s main web page and other public-facing resources would go offline within 48 hours.

Emory Goizueta Business School professor of information systems Ramnath Chellappa also told WABE’s Jim Burress that paying the ransom was the right move. His bigger concerns, he said, are copycat online hackers who flourish on the dark web and in online forums.

“We don’t really hear about most ransomware attacks. I mean, how many firms want to reveal that they have been subjected to this? I’m pretty sure it goes on a lot more than we think,” Chellappa said.

“A lot of these high-profile hackers can actually put out the software, the techniques and the mechanisms that they used, in some of these hacking forums and groups. There could be others who may not be necessarily as sophisticated as the original ones, but they may also be able to implement those techniques.”

Deputy White House Press Secretary Chris Meagher talked with WABE’s Emil Moffatt about the U.S. Department of Homeland Security’s efforts this week to bolster cybersecurity.

“We immediately jumped into action,” Meagher said. “We have been in very close contact with Colonial Pipeline to make sure they have the resources that they need.”

Meagher did not comment further on the FBI’s investigation into Darkside.

At a news conference, President Joe Biden declined to comment on whether Colonial had paid the ransom. The company did not respond to a request for comment.

This comes as Georgia Gov. Brian Kemp has issued a new executive order extending Georgia’s state of emergency for petroleum shortages until May 22. On Monday, Kemp temporarily suspended the gas tax in Georgia in light of the cyberattack. He also announced Georgia would increase the weight limits for trucks transporting fuel.

State officials ask that Georgians only purchase the fuel they need for essential travel this weekend.