Large swathes of the East Coast are running out of the precious refined corpse juice used to fuel most of the nation’s vehicles, five days after ransomware knocked out most of the 5,500-mile Colonial Pipeline system—the biggest gasoline pipeline in the country, connecting Gulf Coast refineries to cities as far north as New York. Due to a combination of panic buying, hoarding, and regular gas guzzling, some regions have now almost completely run out. (The pipeline is coming back, see update below.)
There’s no shortage of fossil fuels; they just can’t reach their destination thanks to malware that encrypted Colonial computer systems and forced them to shut down the pipeline as a “precautionary measure.” The Colonial Pipeline system ships 2.5 million barrels of gasoline, diesel, and jet fuel a day, which Bloomberg reports is equivalent to the capacity of the entire nation of Germany. According to CNN Business, nearly two-thirds (65%) of gas stations in North Carolina were without gas as of 12:37 p.m. ET, with similar outages at 42% of stations in Georgia, Virginia, and South Carolina. Tennessee (14%), Florida (10%), Maryland (9%), and West Virginia (4%) were also running low. Some cities were even worse off: 71% of stations in metro Charlotte, 60% in Atlanta, 72% in Raleigh, and 73% in Pensacola have run dry.
The total number of stations shut down runs over ten thousand, and gas prices broke $3 a gallon, according to AAA data. Making the situation worse, the pipeline outage coincides with a shortage of fuel truck drivers. The feds have considered waiving the Jones Act, a maritime law that requires U.S.-built and manned ships to transport goods between U.S. ports, in the hope that enlisting foreign vessels could ease the logistical difficulties currently preventing gas from reaching consumers.
Bloomberg reported on Wednesday that a solution to the issue is still days away, with three distribution hubs in Pennsylvania out of gas and long lines of tanker trucks waiting to fill up in New Jersey. The network reported that Colonial will announce on Wednesday whether it will be able to begin the process of restarting the pipeline network.
“Colonial has announced that they’re working toward full restoration by the end of this week, but we are not taking any chances,” Pete Buttigieg, the Secretary of Transportation, told reporters at a press briefing on Wednesday. “Our top priority now is getting fuel to communities that need it, and we will continue doing everything that we can to meet that goal in the coming days.”
Even then, Bloomberg reported, it will take quite a bit of time for normal service to be fully restored:
Colonial has only managed to restart a small segment of the pipeline as a stopgap measure. Even when the pipeline is restored to full service, it will take about two weeks for gasoline stored in Houston to reach East Coast filling stations, according to the most recent schedule sent to shippers. For diesel and jet fuel, the transit time is even longer — about 19 days — because they are heavier and move more slowly.
The FBI believes that the hackers behind the ransomware attack belong to a gang of cybercriminals called DarkSide that has been active since August 2020 and generally does not attack targets in the former Soviet bloc, according to the Associated Press. (Cybersecurity expert Brian Krebs recommends installing a Cyrillic keyboard on your PC to avoid contamination.) Ransomware functions by infiltrating a computer network, duplicating itself to connected machines, and then locking out users from access by encrypting file systems, typically prompting them with a ransom demand in cryptocurrency. Unless there’s a known flaw in the encryption technique or cybersecurity researchers have discovered the specific encryption key used in an attack, it is practically impossible to decrypt a computer network once ransomware has triggered. Hackers have used variants of the malware to attack everything in the U.S. from hospitals and school networks to entire municipal governments in recent years, causing billions in damages.
DarkSide has tried to cultivate a reputation for only using ransomware to attack the rich, not institutions like hospitals, and has given out some of its proceeds in charitable donations. The group has also publicly announced on its website that the Colonial chaos was not intentional or motivated by political reasons. However, as Wired explains, the gang’s business model appears to be ransomware as a service, loaning out its malware and cyber infrastructure to other attackers and pocketing a slice of any profit, and it has tried to shift the blame for the Colonial incident to one of the criminal partners it works with. (Ransomware can also be indiscriminate, spreading to systems never explicitly anticipated by whoever is controlling it.) As of this time, the feds have indicated they do not believe the attack was conducted by or on behalf of a rival nation-state.
According to CBS, it remains unclear whether a ransom has been demanded or whether Colonial intends to pay; the FBI officially encourages ransomware victims not to pay such ransoms but has acknowledged they may feel they have no other choice. The Washington Post reported Colonial has enlisted cybersecurity firm Mandiant (a division of FireEye) to help it rebuild its system from backups, and that DarkSide’s access to the targeted systems has been cut off, meaning there may no longer be any incentive to pay up.
It’s easy to see why DarkSide has tried to distance itself from the attack—disruption on this scale is drawing a massive federal response and U.S. authorities will be determined to track whoever did this down.
On Wednesday, President Biden told reporters that we should expect to “hear some good news in next 24 hours,” adding that he believes “we’ll be getting that under control.”
“I am not surprised that this happened. It was realistically only a matter of time before there was a major critical infrastructure ransomware incident,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired. “DarkSide appears to have realized that this level of attention is not a good thing and could bring governments to action. They may stay with smaller attacks now in the hope that they’ll be able to continue making money for longer.”
Update 5:19 PM: Secretary of Energy Jennifer Granholm confirmed moments ago that the CEO of Colonial Pipeline has informed her that pipeline operations would resume around 5 PM this afternoon. The juice will still take some time to make its way around the country.
Update 6:20 PM: This article has been updated to clarify that the ransomware attack did not directly affect the pipeline control system, and Colonial took it offline as a precautionary measure.