US declares state of emergency after ransomware hits largest pipeline

The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.

After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.

The declaration aims to provide assistance to areas in need of an immediate supply of gasoline, diesel, jet fuel, and other refined petroleum products.

Relaxed rules for fuel transport

The states and jurisdictions affected by the pipeline shutdown and included in the Emergency Declaration are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

Commercial motor vehicle operations providing direct assistance by transporting refined petroleum products to the affected states are exempt from parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs).

“Direct assistance terminates when a driver or commercial motor vehicle is used in interstate commerce to transport cargo or provide services not in support of emergency relief efforts related to the shortages of gasoline, diesel, jet fuel, and other refined petroleum products due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system in the Affected States, or when the motor carrier dispatches a driver or commercial motor vehicle to another location to begin operations in commerce” – the FMCSA

The derogations apply only for the duration of the emergency state caused by “the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system.”

The provisions of the declaration are currently in effect and shall remain so until the end of the emergency state or until 11:59 P.M. (ET), June 8, 2021, whichever comes first.

Colonial Pipeline’s operations are vital for markets and refineries on the East Coast, accounting for 45% of all fuel consumed in the region.

Its transport infrastructure can carry at least 2.5 million barrels of refined petroleum products every day to points throughout the southern and eastern U.S.

Eyes on Darkside ransomware

In a statement on Saturday, the Colonial Pipeline Company said it was the victim of a ransomware attack. As a proactive measure, the company took certain systems offline, which put a temporary stop to all pipeline operations.

An update on Sunday said that a restart plan was in the works, with “some smaller lateral lines between terminals and delivery points” being operational. At the time, mainlines 1, 2, 3, and 4 remained offline.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations” – the Colonial Pipeline Company

U.S. officials told multiple publications that Darkside ransomware, an operation that emerged in mid-August 2020, is behind the attack. The gang focuses on corporate targets and steals data before deploying the encryption routine.

Read the original article over at BleepingComputer.com.