One of the most important energy pipelines in the U.S. has been closed by a cyberattack. Colonial Pipeline — a critical source of supply for the New York region — was the victim of the biggest ransomware attack on a U.S. fuel pipeline and halted all operations on its system late Friday. It’s the latest such attack on U.S. critical infrastructure.

1. What is Colonial Pipeline?

Founded in 1962, Colonial connects refineries primarily in the Gulf Coast with customers and markets throughout the southern and eastern U.S. through a pipeline system that spans more than 5,500 miles (8,850 kilometers). Colonial says it transports about 45% of all fuel consumed on the East Coast, providing refined products to more than 50 million Americans.

2. Which types of fuel?

It is a major transporter of gasoline, diesel and jet fuel, with the capacity to send about 2.5 million barrels a day from Houston as far as North Carolina, and another 900,000 barrels a day to New York. The company also supplies fuel to the U.S. military. The majority of the system is underground.

Colonial Pipeline storage tanks are seen in Woodbridge, N.J., Monday, May 10, 2021. Gasoline futures are ticking higher following a cyberextortion attempt on the Colonial Pipeline, a vital U.S. pipeline that carries fuel from the Gulf Coast to the Northeast. (AP Photo/Ted Shaffrey)

3. What is ransomware?

It’s a form of malicious software, “malware” for short, that essentially makes files and data stored on computers inaccessible, effectively holding a device hostage until a fee is paid to restore it to normal. If victims don’t pay, either they restore files from a backup or lose them forever. In many cases, hackers give victims a deadline — say 72 hours — after which the price doubles. If the targets refuse to pay, their computers will be permanently locked — a serious problem for people who haven’t backed up their data.

4. Who carried out this attack?

The attack appeared to use ransomware from a group called DarkSide, according to Allan Liska, senior threat analyst at cybersecurity firm Recorded Future. DarkSide first surfaced in August 2020, according to a blog post from the cybersecurity firm Cybereason, and uses the double extortion method, in which it not only encrypts a victim’s data but also exfiltrates it and threatens to make it public unless the ransom is paid.

5. Has this happened before?

Colonial is just the latest example. According to data compiled by Temple University, there were 396 ransomware attacks on critical infrastructure in 2020, up from 205 in 2019 and 70 in 2018. Hackers are increasingly attempting to infiltrate essential services such as electric grids and hospitals. The escalating threats prompted the White House to respond in April with a plan to increase security at utilities and their suppliers. Pipelines are a specific concern because of the central role they play in the U.S. economy.

6. Who might be affected first by the shutdown?

A key concern is meeting product demand in the U.S. Southeast, which is especially dependent on the Colonial system, people familiar with the situation said. Drivers in landlocked and car-dependent Atlanta may be the first to feel the pinch at the pump. The Northeast can secure gasoline shipments from Europe but it will come at an increasing cost the longer the pipeline stays shut.

7. Is there an alternative route for the fuels?

One potential alternative is the Kinder Morgan-operated Plantation Pipeline, even though it only extends as far north as Washington, D.C., and has a capacity of 720,000 barrels a day, far short of Colonial’s. And while all of the major segments of Colonial’s system remain offline, some smaller so-called laterals connecting specific fuel terminals to delivery points are in service. Meantime, President Joe Biden has at his disposal an array of emergency powers that could help alleviate the pressure.