2021 Colonial Pipeline Ransomware Attack

2021 Colonial Pipeline Ransomware Attack

On May 6, 2021 Colonial Pipeline, “the largest refined products pipeline in the U.S (Colonial Pipeline),” was a victim of data theft followed by a ransomware attack beginning May 7, 2021 and ending May 12, 2021. Even though the initial requested ransom of 75 bitcoin with an estimated value of $4.4 million at the time, was paid promptly on May 7th, President Joe Biden still made an emergency declaration on May 9th. The pipeline did not return to normal operations until May 12, 2021. Fortunately, shutting down the pipeline during the initial phase of the attack helped to ensure the operational technology network responsible for physically moving the oil was not compromised (Tech Target).

The shutdown caused disruptions along the East Coast as gas supplies became scarce, leading to price increases and shortages. Airline operations also experienced setbacks due to the shutdown (CNBC). DarkSide’s attack on the pipeline led to the Biden Administration’s “Executive Order on Improving the Nation’s Cybersecurity,” an order implemented to strengthen cybersecurity practices across U.S. government agencies. This order emphasized the need for increased threat information sharing across agencies, called for securing the software supply chain, and resulted in the creation of the Cyber Safety Review Board (The White House).

Date of event: May 7, 2021 – May 12, 2021


  • 100 gigabytes of data stolen (Tech Target)
  •  All 5,500 miles of pipeline was shut down (CNBC)
  • Approximately $5 million in ransom was paid to attackers (CNBC)
  • Gas prices rose an estimated average of 4 cents per gallon in many locations reliant upon the pipeline (Science Direct)

Related Resources: 

HSDL Featured Topics: Cyber Crime and National Security | Cyber Infrastructure Protection | Ransomware

HSDL Search: Cyber Attacks | National Security | Infrastructure Security

Scroll to Top