Colonial Pipeline ransomware attack

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the ransom demanded by the hacker group (75 bitcoin, or $4.4 million USD) within several hours. Upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool required a very long processing time to restore the system to a working state.

Date:
  • May 6, 2021 (data stolen)
  • May 7, 2021 (malware attack)
  • May 12, 2021 (pipeline restarted)
Location: United States
Type: Cyberattack, data breach, ransomware
Target: Colonial Pipeline
Suspects: DarkSide

On May 9, the Federal Motor Carrier Safety Administration issued a regional emergency declaration for 17 states and Washington, D.C., to keep fuel supply lines open. It was the largest cyberattack on an oil infrastructure target in the history of the United States. The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party. The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.

On June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins from the ransom payment (about 84% of the original payment). However, due to a crash in the value of Bitcoin in late May, the recovered bitcoins were worth only around $2.3 million USD, roughly half of their original value.

This was one of the first high-profile corporate cyberattacks that started from a breached employee personal password, likely found on the dark web, rather than from a direct attack on the company's systems.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.