The complaint, which was announced by the law firm of Morgan & Morgan, alleges Colonial failed to adequately safeguard its pipeline’s computer systems, leading to a breach on April 29 and a subsequent successful ransomware attack.
“EZ Mart 1 and other similarly situated gas stations allegedly suffered significant monetary losses during and after the five days that passed before the company restarted the gas pipeline,” Morgan & Morgan said in a statement.
The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems.
Colonial is also facing another lawsuit, this one filed May 18 in the U.S. District Court for the Northern District of Georgia. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards which resulted in system outages that harmed consumers by raising prices at the pump.
On June 7, U.S. investigators announced they had recovered most of the ransom paid to the Russian-based hackers known as DarkSide by Colonial Pipeline.
In June, Colonial CEO Joseph Blount told Congress the hackers infiltrated the company’s IT systems through a legacy VPN system that was not intended to be in use.
“We are deeply sorry for the impact that this attack had,” Blount told Congress. “We quietly and quickly worked with law enforcement in this matter from the start, which may have helped lead to the substantial recovery of funds recently announced by U.S. Department of Justice.”
The company decided soon after the attack to pay ransom of 75 bitcoin, then valued at roughly $4.4 million. Though the FBI has historically discouraged ransomware payments for fear of encouraging cyberattacks, Colonial officials have said they saw the transaction as necessary to resume the vital fuel transport business as rapidly as possible.
Blount told Congress the company was in the process of accepting a TSA offer for a comprehensive cybersecurity review when the pandemic struck.
Ransomware attacks — in which hackers encrypt a victim organization’s data and demand a hefty sum for returning the information — have flourished across the globe. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.
Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the world’s largest meat processing company.
The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data — and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.