Colonial Pipeline faces legal woes months after ransomware attack

More than two months ago, the U.S. energy infrastructure firm Colonial Pipeline was hit by a ransomware attack, an incident that resulted in shortages at gas stations along the East Coast.

Now, at least one gas station operator is taking legal action against Colonial, according to the Washington Post, signifying a new post-attack phase long after much of the ransomware funds were returned to Colonial. 

Per the Post, North Carolina gas station operator Eddie Darwich has filed suit against Colonial for negligence in what could become a wider class-action lawsuit if approved.

"Defendant owed a duty to Plaintiff and the Nationwide Class to exercise reasonable care to safeguard the Pipeline’s critical infrastructure, including protecting it from ransomware attacks, and to safeguard the flow of the product, as a critical resource over which Defendant exercised control," the complaint states.

According to the report, another lawsuit was filed in May and another law firm is seeking to build a third case against Colonial.

Against the backdrop of this legal action is a widening national security response within the U.S. government, a process being spurred on by the Biden White House.

Last week, Congress held a hearing on ransomware that focused largely on cybersecurity spending and state actors, though cryptocurrency factored in those discussions as well. White House officials have previously said that enhanced cryptocurrency analytics tools would play a role in the federal response to ransomware attacks, ostensibly in an effort to trace payments and identify those behind them.