Colonial Pipeline, one of the largest fuel pipelines in the U.S. and a major supplier of the country’s fuel, has been temporarily shut down due a cyberattack, the company that runs it said Friday.
The Colonial Pipeline Company, headquartered in Alpharetta, Georgia, said it learned earlier Friday it was the victim of an unspecified cyberattack and had shut down some of its systems in response.
Colonial said in a statement that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
More than 5,500 miles long, the Colonial Pipeline system runs from Houston, Texas, to the New York Harbor, making it a major conduit of refined petroleum products for the eastern and southern U.S.
Colonial boasts online of the pipeline being used to transport roughly 45% of all fuel consumed on the East Coast, including gasoline, diesel, jet fuel, home heating oil and fuel for the military.
Prior to being abruptly suspended, the Colonial Pipeline system transported an average of more than 100 million gallons of fuel each day to consumers in the U.S., according to the company’s website.
Colonial said in the statement that it has engaged a third-party cybersecurity firm to investigate the incident and has contacted unspecified law enforcement and other federal government agencies.
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation,” Colonial said in the statement. “This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its parent agency, the Department of Homeland Security (DHS), described the cyberattack on Saturday as ransomware-related.
Ransomware, a type of malicious software, typically makes an infected system inoperable until the perpetrator is paid. Recovering fully, even when the ransom is paid, is never guaranteed, however.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” CISA said in a statement it shared on social media.
“Every organization must be vigilant and strengthen its cybersecurity posture against ransomware and other types of cyber-attacks,” said Homeland Security Secretary Alejandro Mayorkas.