America and the Colonial hack: How cyberattackers stopped the oil pipeline

Pressure sensors, thermostats, valves and pumps are used to monitor and control the flow of diesel, gasoline and jet fuel along hundreds of kilometers of pipelines. Colonial even has a technologically advanced robot called a "smart pig" that rushes through its pipelines in search of any anomalies.


Investigators at America's largest oil pipeline are working to recover from a devastating cyberattack that disrupted oil supplies.

The hacker attack on Colonial Pipeline is considered one of the largest attacks on key national infrastructure in history.

The pipeline carries nearly half of the East Coast's oil supplies, and gas station prices are expected to soar if the shortage persists.

How can a pipeline be hacked?

The first thing that comes to many people's minds when they think of the oil industry is pipelines, pumps and oily black liquid.

In reality, the modern operation that Colonial Pipeline runs is heavily digitized.

Pressure sensors, thermostats, valves and pumps are used to monitor and control the flow of diesel, gasoline and jet fuel along hundreds of kilometers of pipelines.

Colonial even has a technologically advanced robot called a "smart pig" (pipeline inspection equipment), which races through its pipelines in search of any anomalies.

All this operational technology is connected to a central system.

And as cyber experts like Checkpoint's John Nichols explain, wherever there's connectivity, there's a risk of cyberattack.

"All the devices used to operate a modern oil pipeline are controlled by computers, not operated by physical humans," he says.

"If they are connected to an organization's internal network and it becomes the target of a cyber-attack, then the pipeline itself is at risk."

How did the hackers get in?

Direct attacks on operational technology are rare because these systems are usually better protected, experts say.

It is therefore more likely that the hackers gained access to Colonial's computer systems through the administrative side of the company.

"Some of the biggest attacks we've seen so far have started with email," says Nichols.

"Perhaps an employee was tricked into downloading some kind of malware, for example.

"Recently, we also had an example of hackers breaking in by exploiting weaknesses in, or compromising, third-party software.

"Hackers will use any opportunity to somehow infiltrate the network."

Hackers could have been inside Colonial's IT network for weeks or even months before launching a ransomware attack.

In the past, criminals have wreaked havoc after finding a way to break into the software responsible for running operational technology.

In February, a hacker managed to break into the water system of a Florida city and tried to inject a "dangerous" amount of chemical agent into it.

One worker saw this happening on the screen and nipped the attack in the bud.

Similarly, in the winter of 2015/16, hackers in Ukraine reached the digital switches of a power plant and caused a power outage felt by hundreds of thousands of people.

How can this be prevented?

The simplest way to protect operational technology is to keep it offline, without any connection to the Internet.

But this is becoming increasingly difficult for companies, as they increasingly rely on connected devices to increase efficiency.

"Traditionally, organizations have had something known as an 'air wall,'" says cybersecurity expert Kevin Beaumont.


"They would ensure that key systems operate on separate networks that are not connected to outbound IT."

"However, the nature of the changing world now means that more things depend on networking."

Who are the hackers?

The FBI confirmed that the attack was carried out by Darkside, a relatively new but prolific ransomware gang believed to originate from Russia.

It is unusual for criminal gangs to attack "critical national infrastructure" - but experts such as Andy Norton, of cyber defense group Armis, say it is becoming a growing problem.

"What we're seeing now is that the 'ransomware' gangs are maturing," he says.

"Wherever there is a critical public service on the Internet, there is a greater chance that it will have to pay a ransom."

with the BBC

To make things more interesting, the group posted something resembling an apology for the attack on its darknet page.

Although they did not mention Colonial directly, they referred to "today's news", saying:

"Our goal is to make money, not to create problems for society."

"Starting today, we will introduce moderation and vet every company that our partners want to encrypt to avoid social repercussions in the future."

Like many "ransomware" groups, Darkside runs an affiliate program allowing "partners" to use its malware to attack targets, in exchange for a percentage of the ransom earnings.

Darkside had previously announced that it would begin donating some of the extorted money to charities.

How can critical services be protected?

Experts have long worried about the possibility of key national infrastructure being hacked.

Last month, the global coalition of experts, the Ransomware Task Force, declared it a "national security risk."

The group says governments must take urgent action to prevent ransom payments being made in secret.

It also wants to put pressure on countries such as Russia, Iran and North Korea, which are regularly accused of harboring ransomware groups.

But Norton also says organizations need to take responsibility.

"It is up to organizations to implement the type of cyber security that is appropriate and proportionate, and there is a consensus that stricter action by regulators is necessary to implement all of this," he says.
