May 15, 2021 - Energy & Environment

Colonial Pipeline resumes normal operations after ransomware hack

Fuel tanks at Colonial Pipeline's Dorsey Junction Station on May 13 in Washington, D.C.

A fuel tank at Colonial Pipeline's Dorsey Junction Station on May 13, 2021 in Washington, D.C. Photo: Drew Angerer/Getty Images

Colonial Pipeline resumed normal operations on Saturday after a ransomware attack forced the pipeline to shut down last week, the company announced.

Why it matters: The pipeline is now delivering fuel to states that had experienced gas shortages at the same capacities as before the extortion scheme hit the critical pipeline, which runs from Texas to New York and carries roughly 100 million gallons of fuel per day.

Context: Colonial Pipeline restored limited services on Wednesday but said it would take several days for the product delivery supply chain to return to normal.

What they're saying: "Our team members across the pipeline worked safely and tirelessly around the clock to get our lines up and running, and we are grateful for their dedicated service and professionalism during these extraordinary times," the company said.

  • "Colonial has and will continue to put safety and system integrity first and will invest the required resources to maintain safe and reliable operations of our pipeline."

According to crowdsourced data collected by GasBuddy, gas stations in 13 states and the District of Columbia were still experiencing fuel shortages as of 9:12 A.M. ET on Saturday

  • Patrick De Haan, a senior petroleum analyst at Gasbuddy, said in a tweet Thursday that it could take between two and 14 days for fuel services to be fully restored depending on the state.

The big picture: The hacker group DarkSide, which was responsible for the ransomware attack that shut down the pipeline, claims to be shutting down after it lost access to the infrastructure needed to carry out its extortion operations.

  • Yes, but: Security experts warn that cyber criminal groups often disband and return under different names, and it therefore can't be determined if the disruption to DarkSide's infrastructure is legitimate or permanent.
Go deeper