What happened in the Colonial Pipeline ransomware attack

Colonial Pipeline, the operator of a major pipeline system that transports fuel across the East Coast said it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat.

It may seem too late to fill the position now, but Colonial Pipeline, the target of the biggest pipeline hack in history, began searching for a cyber-security manager nearly two months ago.

Colonial Pipeline, a Georgia-based oil company, sought someone to manage a team of security experts in order to “develop, validate and maintain an incident response plan and processes to address potential threats.” Job requirements included a bachelor’s degree in computer science, information security or a related field, according to an on Colonial’s website. 

The job posting also appeared on search sites such as Indeed, ZipRecruiter and GlassDoor. 

A spokesperson for the company told FOX Business that the position – which has been open for more than 30 days – was not created as a result of the ransomware attack and is part of a broader initiative by the company to “continue building our current cybersecurity team.” 

“We have several positions open as part of our longer-term growth strategy around talent, as we are constantly recruiting top-tier talent across all functional areas of our business,” the spokesperson added.

The ransomware attack crippled North America’s biggest fuel pipeline late last week, cutting off almost half of the gasoline and diesel burned on the nation’s East Coast. Gas stations across several states have run out of fuel amid panic-buying and a lack of supplies. The average gasoline price has surged over the past week, ticking above $3 for the first time since 2016, AAA said.

Panic-Buying Creates Long Lines at North Carolina Gas Stations

Long lines and empty pumps were seen at gas stations in Durham, North Carolina, on Tuesday, May 11, amid panic-buying of fuel following the shutdown of the Colonial Pipeline due to a cyberattack.(Credit: Lehew Tech)

It’s still unclear how the hackers – Russian speakers from DarkSide, a notorious ransomware gang – managed to breach the company’s network and go undetected.

Colonial said it’s likely to restore service on the majority of its pipeline by Friday.

“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said in a statement.

But it maintained that the situation “remains fluid and continues to evolve,” and that it’s an incremental process. 

“This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week,” the company added.