Another ransomware attack
Visit Colonial Pipeline’s corporate website and you’ll learn that the Alpharetta, Ga., energy company is “committed to excellence” and that “safety, environmental stewardship, and first-class customer service” drive its operating philosophy.
What you won’t find is any mention that the company that operates the largest refined fuels pipeline in the U.S. was brought to its knees by computer hackers Friday.
In a brief statement Saturday, Colonial said it learned the previous day that hackers were trying to extort it using ransomware.
Companies have reasons for going mum when hacked. They’re worried about reputational damage. But in an era in which nation-states and roving freelancers have turned rival governments, corporations, universities, hospitals, and other institutions into digital piñatas, hunkering down only perpetuates the problem.
The Colonial intrusion apparently was the handiwork of a cybercrime gang called DarkSide, which pulled off an attack that shuttered a pipeline system traversing some 5,500 miles and supplies 50 million Americans and the U.S. military with everything from gasoline and jet fuel to home heating oil and diesel. The shutdown has a whiff of the apocalyptic about it, and is the stuff that gives national security experts nightmares.
Companies and the government should do a better job of insulating those networks by being transparent, communicative and proactive about threats. At some point, the wake-up calls will morph into unmanageable disasters.