Colonial Pipeline sued for gas crisis from ransomware attack

Hackers gained entry to Colonial's networks through a virtual private network account through which employees could remotely access the company's computer network. PHOTO: REUTERS

ATLANTA (BLOOMBERG) - Colonial Pipeline was sued by a gas station seeking to represent thousands more over the ransomware attack in May that paralysed the US East Coast's flow of gasoline, diesel and jet fuel.

EZ Mart 1, a two-pump station in Wilmington, North Carolina, buys its fuel from a distributor supplied by Colonial, according to a complaint filed on Monday (June 21) in federal court in Georgia.

Colonial's headquarters, in Alpharetta, is the site of the "control centre" where the electronic ransom note was discovered, EZ Mart says in the lawsuit, in which it seeks to represent more than 11,000 gas stations and asks for unspecified monetary damages.

The hack occurred "despite advance knowledge and warnings", and in the lead-up to the attack Colonial "repeatedly ignored and rejected efforts by the applicable regulatory agency to meet with it so as to check on its cybersecurity", EZ Mart alleges.

A spokesman for Colonial said the company does not comment on pending litigation but "worked around the clock to safely restart our pipeline system following the cyberattack against our company".

Hackers gained entry to Colonial's networks on April 29 through a virtual private network (VPN) account that allowed employees to remotely access the company's computer network, a cybersecurity official who responded to the attack has said.

The VPN account, which has since been deactivated, did not use multifactor authentication, a basic cybersecurity tool, so the hackers could breach the network using just a compromised username and password. It is not clear how they came up with the right credentials.

The hack affected 45 per cent of the East Coast's fuel supply, driving up gasoline prices and sparking shortages at filling stations after the company shut down the roughly 8,851km (5,500-mile) pipeline on May 7.

Colonial "had no plan in place for ransomware attacks and had left up a legacy VPN system without shutting off logins and passwords for old employees", which its own experts called "a basic failure", the gas station alleges.

While apologising for the massive disruption, Colonial's chief executive officer, Joseph Blount, has defended the company's response, including his decision to pay the hackers - an affiliate of a Russia-linked cybercrime group known as DarkSide - US$4.4 million (S$5.9 million) in ransom.

"I believe with all my heart it was the right choice to make," Mr Blount told US lawmakers this month. In a hearing on Capitol Hill, they criticised Colonial's cybersecurity practices, asking Mr Blount why the company had not hardened its systems before an attack occurred.

In addition to the Colonial hack, Russia-linked criminal gangs have recently been blamed for a ransomware attack against meat supplier JBS SA, which disrupted operations in the US, Canada and Australia.

President Joe Biden last week said after a summit in Geneva that he warned Russian President Vladimir Putin against further cyberattacks on US infrastructure.

In the lawsuit, EZ Mart claims it has been clear for years that the sector is "especially vulnerable" to both conventional and cyber criminals. The complaint details a history of such warnings and attacks.