Colonial Pipeline Ransomware Shuts Down US East Coast Fuel Supply for Five Days

What happened
DarkSide ransomware operators compromised Colonial Pipeline via a leaked VPN credential with no MFA. The company shut down 5,500 miles of pipeline as a precaution, causing fuel shortages across the US East Coast and a $4.4 million ransom payment. The FBI recovered approximately $2.3 million of the ransom.[1]
What went wrong
A single legacy VPN account with a reused, previously leaked password and no multi-factor authentication was the entry point. Because the company's IT and OT networks were insufficiently separated, the pipeline shutdown was a precaution against the ransomware spreading into operational systems rather than the outcome of a direct attack on them.[1]
Lesson learned
MFA on all remote access accounts is not optional for critical infrastructure. IT and OT network separation must be air-tight: operational systems should never be reachable from a compromised corporate network. Reuse of passwords that have already appeared in breaches is an ongoing but manageable risk.
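One defensive control that follows from the failures described above, as an added example that is not part of the original article and not Colonial Pipeline's own tooling: a small audit over a constructed list of VPN accounts that flags accounts without MFA, dormant accounts, and passwords whose SHA-1 hash appears in a constructed breach corpus. The account names, the breach list and the 90-day dormancy threshold are all assumptions made for illustration.

```python
"""Audit remote-access (VPN) accounts for missing MFA, dormancy and
passwords that already appear in a breach corpus.
Added example, not from the original page; every account record and the
breach corpus below are constructed for illustration."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class VpnAccount:
    username: str
    mfa_enabled: bool
    days_since_login: int
    password_sha1: str  # uppercase hex SHA-1 of the password (constructed)


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the form most breach corpora are published in."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: SHA-1 hashes of passwords assumed to be leaked,
# indexed by their first five hex characters so lookups can be done by prefix.
BREACHED_PASSWORDS = ["Password123", "Summer2020!", "letmein"]
BREACH_INDEX: Dict[str, Set[str]] = {}
for _pw in BREACHED_PASSWORDS:
    _h = sha1_hex(_pw)
    BREACH_INDEX.setdefault(_h[:5], set()).add(_h[5:])


def is_breached(password_sha1: str, index: Dict[str, Set[str]] = BREACH_INDEX) -> bool:
    """k-anonymity style check: only the 5-character hash prefix is used to
    select a bucket; the suffix comparison happens locally, so the full hash
    never has to leave the host that performs the audit."""
    prefix = password_sha1[:5].upper()
    suffix = password_sha1[5:].upper()
    return suffix in index.get(prefix, set())


def audit_accounts(accounts: List[VpnAccount], dormant_days: int = 90,
                   index: Dict[str, Set[str]] = BREACH_INDEX) -> Dict[str, List[str]]:
    """Return {username: [issue, ...]} for every account with at least one
    finding. Issue labels: no_mfa, breached_password, dormant."""
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        issues = []
        if not acct.mfa_enabled:
            issues.append("no_mfa")
        if is_breached(acct.password_sha1, index):
            issues.append("breached_password")
        if acct.days_since_login > dormant_days:
            issues.append("dormant")
        if issues:
            findings[acct.username] = issues
    return findings


# Constructed sample: a forgotten legacy account that fails every check,
# a well-maintained account, and an active account that merely lacks MFA.
SAMPLE_ACCOUNTS = [
    VpnAccount("legacy-contractor", False, 400, sha1_hex("Password123")),
    VpnAccount("alice", True, 2, sha1_hex("correct horse battery staple")),
    VpnAccount("bob", False, 10, sha1_hex("Tr0ub4dor&3")),
]

if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(issues)}")
```

The prefix-bucketed lookup mirrors the range-query model used by public password-screening services, which is what makes it safe to run the breached-password check against an external corpus without disclosing the hash being checked. In practice the account records would come from the VPN appliance or identity provider rather than a hard-coded list, and an account flagged "dormant" with "no_mfa" is exactly the profile that should be disabled rather than merely reported.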