Top US fuel pipeline operator Colonial Pipeline is working around the clock to overcome a paralysing cyber attack, one of the most serious energy-sector hacks in history.

Colonial transports about 45 per cent of all fuel consumed on the East Coast of the United States and any delay in restarting supply may cause pump prices to rise. The pipeline also serves 90 US military installations and 26 oil refineries, according to Bloomberg.

Here is what we know about the hack last Friday and the group behind it.

CAN A PIPELINE BE HACKED?

Yes. Beyond physical pipes and pumps with greasy black liquid flowing through them, the entire network is run by sophisticated computers that are connected to a central system to monitor and control a wide array of sensors, valves and leak-detection tools.

"All the devices used to run a modern pipeline are controlled by computers, rather than being controlled physically by people," cyber-security expert Jon Niccolls told the BBC. "If they are connected to an organisation's internal network and it gets hit with a cyber attack, then the pipeline itself is vulnerable to malicious attacks."

HOW DID THE HACK OCCUR?

The Federal Bureau of Investigation said a group called DarkSide was responsible, having stolen nearly 100GB of data before locking up computers with ransomware and demanding payment.

Neither Colonial nor federal officials have explained how the breach occurred. The New York Times quoted federal officers and private investigators as saying that the ransomware was not directed at the control systems of the pipeline, but rather the back-office operations of Colonial.

Investigators found the stolen data stored in US-based servers, which were subsequently disabled by the authorities. As a result, Colonial managed to recover some of the data. Investigators believe the data's ultimate destination was Russia, according to three people Bloomberg spoke to who had knowledge of the matter.

Cyber-security experts said Colonial's system was vulnerable enough for the hackers to gain access. A preliminary investigation showed poor security practices at the company, NYT reported.

WHAT IS KNOWN OF DARKSIDE?

The group, which came to prominence last August, is believed to be based either in Russia or Eastern Europe. Ms Anne Neuberger, US deputy national security adviser for cyber and emerging technology, described it as a "criminal actor" that hires out its services to the highest bidder, and then shares "the proceeds with ransomware developers".

Global technology company Acronis said DarkSide targets only English-speaking countries while avoiding former Soviet countries, leading to a widespread belief that it is somewhat linked to Russia.

WHAT'S NEXT?

Colonial said it expects to restore all services by the weekend, but that may not be fast enough. There are already reports of petrol stations along the East Coast running out of fuel.

The incident underscores the vulnerability of the US' critical infrastructure, especially its energy sector. IBM Security's annual X-Force Threat Intelligence Index ranked energy as the third most-attacked industry in 2020, up from ninth place the year before.

"Everyone involved with critical infrastructure will want to understand how this happened and learn how to prevent it from occurring on their systems in the future," Mr Tobias Whitney, vice-president of energy security solutions for Fortress Information Security, told Bloomberg.