Colonial Pipeline servers experiencing ‘intermittent disruptions’ days after ransomware attack

Colonial Pipeline announced Tuesday that its internal servers were experiencing “intermittent disruptions,” but stressed the problem was separate from the devastating ransomware attack that disrupted operations earlier this month.

“Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” the company tweeted. “These issues were not related to the ransomware or any type of reinfection.”

Colonial Pipeline, which supplies about 45 percent of the East Coast’s fuel supply, noted that it was working to resolve the disruptions to the nomination system, which allows pipelines to schedule gas deliveries for customers.

“We are working diligently to bring our nomination system back online and will continue to keep our shippers updated,” the company tweeted. “The Colonial Pipeline system continues to deliver refined products as nominated by our shippers.”

The disruptions come less than two weeks after cyber criminals targeted the company as part of a ransomware attack on its IT systems, forcing the pipeline to shut down for almost a week to protect operational controls. 

The shutdown caused fuel shortages in several states, and was one of the largest successful cyberattacks on a U.S. utility in history. 

Bloomberg News reported last week that Colonial Pipeline paid the hackers, who President Biden confirmed were likely based in Russia, the equivalent of $5 million to decrypt its systems and resume operations, a course of action many officials criticized.

The company has not publicly confirmed that it paid the ransom, and the Biden administration has declined to comment. 

Colonial Pipeline representatives briefed staff members of the House Homeland Security and House Oversight and Reform committees Monday, with Democratic leaders blasting the company following the briefing for refusing to comment on the ransomware payment.

“Following today’s briefing from Colonial Pipeline, we remain extremely concerned about the rise in ransomware attacks and the threat to our nation and its critical infrastructure,” House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-N.Y.) said in a joint statement Monday. 

“It is deeply troubling that cyber criminals were able to use a ransomware attack to disrupt gas supply on the East Coast and reportedly extort millions of dollars,” they added. “We’re disappointed that the company refused to share any specific information regarding the reported payment of ransom during today’s briefing. In order for Congress to legislate effectively on ransomware, we need this information.”