back to article Colonial Pipeline suffers server gremlins, says it's not due to another ransomware infection

The Colonial Pipeline is in a bit of trouble again. The oil conduit that shut down this month after its operators were hit with ransomware suffered glitches with its technology on Tuesday while trying to sort out its IT woes. The temporary computer outage was, so the Colonial Pipeline company said on Twitter, “not related to …

  1. Anonymous Coward
    Anonymous Coward

    Stuck on the Software Treadmill

    Let me guess what's happened. Their vulnerable software was running on an older Windows version and part of the recovery process was to update to "the latest" version. The result will be that they're now hardened against attackers but half their applications are now not working properly.

    (Rumor has it that they were taken down by a single phishing email. Anyone able to confirm this?)

    1. Anonymous Coward
      Anonymous Coward

      Re: Stuck on the Software Treadmill

      There I was thinking they had maybe locked down their firewall and applications stopped working...

      One would hope that the oil/gas industry knows a thing or two about firewalls.

    2. sanmigueelbeer

      Re: Stuck on the Software Treadmill

      Rumor has it that they were taken down by a single phishing email. Anyone able to confirm this

      Well, the company advertised for an InfoSec position.

      What if someone submitted a rigged document disguised as a CV? Talk about "social engineering".

    3. HereIAmJH

      Re: Stuck on the Software Treadmill

      My guess would be that they hardened their network; turning off protocols, crypto suites, and ports that are vulnerable or not needed. And as a result their distributed software couldn't make the connections to various services it needed.

      As an example, I've seen .NET 4.7.x applications running on Win2016 that would insist on using TLS10 on a system that only has TLS12 enabled. So the apps fail when you start locking down.

      Since they neglected security until it was too late, now they will have lots of heartburn while they clean and secure their systems.

  2. Pascal Monett Silver badge

    "but then opted to restore from its own backups anyway"


    So you rewarded criminals for nothing.

    I hope that gets put on your tombstone.

    1. rcxb Silver badge

      Re: "but then opted to restore from its own backups anyway"

      Not necessarily. They may have restored from a previous backup to get their system up and running quickly, but would have still needed the decryption tool to get the most current data (e.g. sales) for use later. It's a shame the criminals didn't want more.

  3. Anonymous Coward

    We'll never know

    As far as the hack itself, to quote one consulting firm: "We found glaring deficiencies and big problems," said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. "I mean an eighth-grader could have hacked into that system."

    As far as the problem with their nomination process (which is apparently oil speak for requesting a delivery), they say that they were hardening their system as it was restored. But the actual processing of nominations is done by an independent company, Transfer4, so no one (least of all them) knows what they did to bork the data interactions.

    Since Colonial Pipeline is unregulated and Transfer4 is a private company, we'll probably never know the details.

    1. jake Silver badge

      Re: We'll never know

      "we'll probably never know the details."

      I rather suspect that the clusterfuck was so fucked that THEY will never know, either. That's what happens when Moneybags controls the network, instead of IT.

      Been there, done that, all too many times. Moneybags never learns.

  4. a_yank_lurker

    Returning to Normal

    Living in the affected area, gas (petrol) is becoming easier to find though there are still spot outages at the retail level. I have been able find gas near me without any problem. It looks like we will back to normal in about a week or so. The 'official' start of the summer season starts the Memorial Day weekend (last weekend in May) so returning to normal will be most welcome.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like