{
	"id": "77bbd869-12e0-4d29-9e5a-8352a60201c2",
	"created_at": "2026-04-06T00:07:56.955933Z",
	"updated_at": "2026-04-10T03:24:30.151984Z",
	"deleted_at": null,
	"sha1_hash": "fe5d6f8551a345b3271f4191abf34cbc7a6cdde5",
	"title": "Largest U.S. pipeline shuts down operations after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 4151479,
	"plain_text": "Largest U.S. pipeline shuts down operations after ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2021-05-08 · Archived: 2026-04-05 15:09:32 UTC\r\nUpdate: Added new statement from Colonial Pipeline at the end of the article.\r\nColonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to\r\nbe a ransomware attack.\r\nColonial Pipeline transports refined petroleum products between refineries located in the Gulf Coast and markets throughout\r\nthe southern and eastern United States. The company transports 2.5 million barrels per day through its 5,500 mile pipeline\r\nand provides 45% of all fuel consumed on the East Coast.\r\nhttps://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/\r\nPage 1 of 5\n\nColonial Pipeline system map\r\nAccording to a report by CNBC, Colonial Pipeline suffered a ransomware attack yesterday that forced them to shut down\r\ntheir entire network to prevent the spread of the malware.\r\nToday, Colonial Pipeline issued a statement confirming the attack and stated that they temporarily shut down their pipeline\r\noperations while responding to the attack.\r\n\"On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. 
In response, we proactively\r\ntook certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of\r\nour IT systems.\"\r\n\"Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an\r\ninvestigation into the nature and scope of this incident, which is ongoing,\" Colonial Pipeline said in a statement.\r\nDarkSide ransomware believed to be responsible\r\nA US official has told the Washington Post that it is believed that the DarkSide ransomware operation is behind the attack.\r\nBleepingComputer was the first to report about the DarkSide ransomware operation, which launched in the middle of\r\nAugust 2020.\r\nLike other enterprise-targeting ransomware operations, when DarkSide gains access to a corporate network, they will quietly\r\nspread to other devices while gathering credentials and stealing unencrypted documents.\r\nOnce they gain access to Windows domain credentials, they will deploy the ransomware throughout the network to encrypt\r\ndevices.\r\nIf DarkSide conducted the attack, the threat actors likely stole data, which will be used to extort Colonial Pipeline in their\r\nransom demands.\r\nHigh profile attacks previously conducted by the DarkSide gang include CompuCom, Discount Car and Truck\r\nRentals, Brookfield Residential, and Brazil's Companhia Paranaense de Energia (Copel).\r\nUpdate 5/8/21: The FBI today confirmed that the Colonial Pipeline cyberattack was conducted by the DarkSide ransomware\r\noperation.\r\nColonial Pipeline also issued an updated statement explaining that they are working with the US Department of Energy to\r\nslowly bring segments of the pipeline back online.\r\n\"Colonial Pipeline continues to dedicate vast resources to restoring pipeline operations quickly and safely.\r\nSegments 
of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal\r\nregulations and in close consultation with the Department of Energy, which is leading and coordinating the\r\nFederal Government’s response.\r\nRestoring our network to normal operations is a process that requires the diligent remediation of our systems, and\r\nthis takes time. In response to the cybersecurity attack on our system, we proactively took certain systems offline\r\nto contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To\r\nrestore service, we must work to ensure that each of these systems can be brought back online safely.\r\nWhile this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that\r\ninvolves an incremental process that will facilitate a return to service in a phased approach. This plan is based on\r\na number of factors with safety and compliance driving our operational decisions, and the goal of substantially\r\nrestoring operational service by the end of the week. The Company will provide updates as restoration efforts\r\nprogress.\r\nWe continue to evaluate product inventory in storage tanks at our facilities and others along our system and are\r\nworking with our shippers to move this product to terminals for local delivery. Actions taken by the Federal\r\nGovernment to issue a temporary hours of service exemption for motor carriers and drivers transporting refined\r\nproducts across Colonial’s footprint should help alleviate local supply disruptions and we thank our government\r\npartners for their assistance in resolving this matter.\r\nOur primary focus continues to be the safe and efficient restoration of service to our pipeline system, while\r\nminimizing disruption to our customers and all those who rely on Colonial Pipeline. 
We appreciate the patience of\r\nthe traveling public and the support we have received from the Federal Government and our peers throughout the\r\nindustry.\"\r\n5/8/21: Added possible attribution to DarkSide ransomware\r\n5/10/21: FBI confirmed DarkSide ransomware attack and Colonial Pipeline updated their statement.\r\nSource: https://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/"
	],
	"report_names": [
		"largest-us-pipeline-shuts-down-operations-after-ransomware-attack"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434076,
	"ts_updated_at": 1775791470,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe5d6f8551a345b3271f4191abf34cbc7a6cdde5.pdf",
		"text": "https://archive.orkl.eu/fe5d6f8551a345b3271f4191abf34cbc7a6cdde5.txt",
		"img": "https://archive.orkl.eu/fe5d6f8551a345b3271f4191abf34cbc7a6cdde5.jpg"
	}
}