The Colonial Pipeline cyberattack took place on Friday, May 7, 2021, when Colonial Pipeline suffered a malware attack that forced it to shut down its system.[1][2][3] The attack halted all of the pipeline's operations.[4][5][6][7] Colonial Pipeline said that the attack affected some of its information systems. President Biden declared a state of emergency on Sunday, May 9.[8][9] Politico described the attack as "what is believed to be the largest successful cyberattack on oil infrastructure in the country's history" and was told by a source that it was carried out by a ransomware criminal enterprise called DarkSide, not a nation-state.[10] The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.[11]
The Colonial Pipeline carries gasoline, diesel and jet fuel from Texas to as far away as New York. About 45% of all fuel consumed on the East Coast arrives via the pipeline system.[3] The attack came amid growing concerns over the vulnerability of infrastructure to cyberattacks after several high-profile attacks, including the 2020 SolarWinds hack that hit multiple government agencies, including the Pentagon, the Treasury Department, the State Department and the Department of Homeland Security.[3]
After Colonial Pipeline reported that its corporate computer networks were hit by the ransomware attack, the company shut down the pipeline as a precaution due to a concern that the hackers might have obtained information allowing them to carry out further attacks on vulnerable parts of the pipeline.[4] The day after the attack, Colonial could not confirm when the pipeline would resume normal functions.[4] The attackers also stole nearly 100 gigabytes of data and threatened to release it on the internet if the ransom was not paid.[11]