NEW YORK—Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack that the company said was caused by ransomware.
The shutdown has raised fears of a price spike at the gas pumps ahead of peak demand summer driving season if it persists, and has drawn attention to how critical U.S. energy infrastructure is vulnerable to hackers.
Colonial transports 2.5 million barrels per day of gasoline, diesel, jet fuel, and other refined products through 5,500 miles (8,850 km) of pipelines linking refiners on the Gulf Coast to the eastern and southern United States.
The company said it shut down systems to contain the threat after learning of the attack on Friday. That action also temporarily halted operations and affected some of its IT systems, the company said.
While the U.S. government investigation is in its early stages, one former official and two industry sources said the hackers are likely a highly professional cybercriminal group. Investigators are looking into whether a group dubbed “DarkSide” by the cybersecurity research community is responsible, the former government official said.
DarkSide is known for deploying ransomware and extorting victims, while selectively avoiding targets in post-Soviet states.
The malicious software used in the attack was ransomware, Colonial said on Saturday. Ransomware is a type of malware that is designed to lock down systems by encrypting data and demanding payment to regain access. The malware has grown in popularity over the last five years.
Colonial has engaged a third-party cybersecurity firm to launch an investigation and contacted law enforcement and other federal agencies, it said.
Cybersecurity company FireEye has been brought in to respond to the attack, the cybersecurity industry sources said. FireEye declined to comment.