Gas stations across the United States experienced gasoline shortages due to the shutdown of Colonial Pipeline. The shortages resulted in some gas stations running out of gasoline, while others were packed with long lines of customers waiting to buy gasoline. Unsurprisingly, the shortage prompted gasoline hoarding.
The shutdown was caused by a ransomware attack. Ransomware typically encrypts the victim’s data to make it inaccessible, and then the attacker demands money to decrypt it. Like Denial-of-Service (DoS) attacks, ransomware is used to cause some form of disruption or prevent access to something that people need.
This type of malware frequently affects Windows machines, as well as unsecured machines in general. Ransomware requires operating system (OS) privileges that enable it to access and encrypt important data. Inadequately configured privileges are a common problem on both personal computers and industrial ones.
Modern industrial control systems often have control software running on a computer that provides a dashboard with metrics and controls to operate equipment (for example, pipelines). Such a system can be designed to interface with microcontrollers in a way that enables operators to bypass the computer running the dashboard software.
The microcontroller (which is not vulnerable to ransomware) would then keep the equipment running. This is both useful and crucial if the computer is infected by malware as it enables operators to simply cut the infected computer out of the equation and keep the pipeline running while the computer is being restored. The pipeline’s operation could continue with a conventional override switch.
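The controller-side logic described above, as an added example (not from the article or from any real pipeline control system). The type names, setpoint limits and function names are assumptions, and the silence timeout for the dashboard computer goes beyond what the text describes.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of an equipment controller; all names and values are assumed. */
#define SETPOINT_MIN   100u   /* lowest setpoint the equipment may run at */
#define SETPOINT_MAX   900u   /* highest setpoint the equipment may run at */
#define HMI_TIMEOUT_MS 2000u  /* dashboard PC counts as lost after this silence */

typedef enum { SRC_HMI, SRC_LOCAL } source_t;

typedef struct {
    bool     override_switch;  /* physical switch: true cuts the dashboard PC out */
    uint16_t local_setpoint;   /* value set at the local panel */
    uint16_t active_setpoint;  /* value the control loop regulates to */
    uint32_t last_hmi_ms;      /* time of the last accepted dashboard command */
} controller_t;

static bool in_range(uint16_t sp) {
    return sp >= SETPOINT_MIN && sp <= SETPOINT_MAX;
}

/* Setpoint request from the dashboard computer. Returns true if accepted. */
bool hmi_request(controller_t *c, uint16_t sp, uint32_t now_ms) {
    if (c->override_switch) return false;  /* operators have bypassed the PC */
    if (!in_range(sp)) return false;       /* limits are enforced here, not on the PC */
    c->active_setpoint = sp;
    c->last_hmi_ms = now_ms;
    return true;
}

/* One pass of the control loop: choose which source drives the equipment. */
source_t control_tick(controller_t *c, uint32_t now_ms) {
    bool hmi_silent = (now_ms - c->last_hmi_ms) > HMI_TIMEOUT_MS;
    if (c->override_switch || hmi_silent) {
        /* Keep the equipment running from the local panel value. */
        if (in_range(c->local_setpoint)) c->active_setpoint = c->local_setpoint;
        return SRC_LOCAL;
    }
    return SRC_HMI;
}
```
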
Colonial Pipeline, operated by Colonial Pipeline Company, transports fuels between Texas and New York, and is one of the largest pipelines in the United States. Operation of the pipeline is expected to be restored by Memorial Day.