Ransomware Attack at Colonial Pipeline Company

Teaching Note for HBS Case No. 123-069. On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth about $4.4 million at the time) in exchange for the decryption tool needed to unlock the data. To contain the system infection, the control room promptly shut down all company pipelines that transported nearly half of all refined oil products consumed in the East Coast of the United States. Within hours, external experts and governmental authorities were assembled to help but information was still limited on how to manage the cyberattack. As the passing of every minute threatened the oil supply to 13 states and the nation’s capital, CEO of Colonial Pipeline, Joseph Blount had to make one crucial decision: whether to pay the ransom or not.

The case discusses Colonial Pipeline’s cybersecurity practices, ransomware trends, detail of the ransomware attack at Colonial, impact of the attack, Colonial’s response to the attack, and post-attack repercussion. Overall, the case prompts readers to contemplate how organizations should prevent and respond to the ever-increasing threat of cyber breaches.