Ransomware attack forces shutdown of major U.S. fuel pipeline

A major U.S. fuel pipeline running from Texas to New York has been taken offline by its operator because of a ransomware attack, Colonial Pipeline said Saturday.

Why it matters: It's a significant breach of critical infrastructure and comes on the heels of multiple other major cyberattacks on both U.S. companies and the federal government.

Colonial Pipeline, which carries 45% of the East Coast’s fuel supplies, shut down 5,500 miles of its pipeline in response to the attack, according to the New York Times.

• The pipeline transports around 2.5 million barrels of refined gasoline, diesel fuel or jet fuel every day, supplying harbors and airports on the East Coast.

What they're saying: "On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware," the company said in a statement.

• It did not say what was demanded or by whom.
• "In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems," Colonial Pipeline added.
• "Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing."
• "We have contacted law enforcement and other federal agencies."

The Department of Energy said in a statement it is coordinating with Colonial Pipeline, the energy industry, states, and interagency partners in responding to the incident.

• "DOE is also working closely with the energy sector coordinating councils and the energy information sharing and analysis centers, and is monitoring any potential impacts to energy supply," the department said.

Eric Goldstein, executive assistant director of the Cybersecurity and Infrastructure Security Agency's division on cybersecurity, said in a statement, "This underscores the threat that ransomware poses to organizations regardless of size or sector."

• "We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

Patrick De Haan, head of petroleum analysis at GasBuddy, said in a statement to Axios, "[There] should not be a price impact if it’s restarted in the next couple days, after that it could turn into one where prices go up. But by how much depends on if consumers panic and start buying gasoline."

Editor's note: This story has been updated with additional information from Colonial Pipeline and U.S. officials.