On May 7, 2021, Colonial Pipeline — operator of the largest refined-petroleum pipeline on the U.S. East Coast — was hit with ransomware by DarkSide affiliates. Colonial proactively shut down operations, triggering fuel shortages, panic buying, and price spikes across the eastern seaboard. The shutdown lasted six days. The incident drove binding cybersecurity directives for U.S. pipeline operators (TSA Security Directives Pipeline-2021-01 and -02) and remains the canonical example of a cyber-induced critical-infrastructure cascade in the U.S.
Details
Date: May 7, 2021
Attribution: DarkSide ransomware-as-a-service (Russia-based affiliates)
AI involvement: none
Initial vector: Compromised legacy VPN credential (no MFA)
Ransom paid: $4.4M (75 BTC); $2.3M later recovered by FBI
Direct damage estimate: ~$5B+ including operational disruption, fuel-supply impact (medium confidence)
Notable impact: 5,500-mile US East Coast fuel pipeline shutdown for 6 days; emergency declarations in 17 states + DC
Tags: cyber-incident, ransomware, critical-infrastructure, energy, darkside