Ronn Torossian
Ronn Torossian

Last week, the Colonial Pipeline company, one of the largest pipelines in the country, found itself on the receiving end of a ransomware attack that created a major crisis for the company as well as the rest of the nation. This unfortunate event has provided some important lessons for both PR professionals and business leaders regarding how to respond to and manage crisis PR situations.

During ransomware attacks, hackers access computer networks and lock them up by encrypting data. They’re then able to demand payment before decrypting the system so the victim of the hack can access that data again. In recent years, these types of cyberattacks have affected organizations from universities to hospitals to banks. In fact, nearly 2,500 organizations around the country were victims of ransomware attacks in 2020 alone.

Recently, ransomware attacks have become more frequent in the industrial sector. That’s because companies in this sector are more willing to pay up so they can regain control of their systems. Industrial companies are more willing to pay, because data downtime can cost the sector millions of dollars. Halting operations due to a data lockout can create chaos around the country. That’s precisely what happened with the Colonial Pipeline.

The entire fuel pipeline operator had to shut down its network due to the ransomware attack, which underscored the vulnerabilities the industrial sector has against such threats. Additionally, when news of the attack was made public by a statement from the Colonial Pipeline, it led to panic-buying of gas. People across North Carolina rushed out to top off, including those that didn’t even need to do so.

Because of this gas-buying frenzy, in less than 24 hours more than 60 percent of the gas stations around North Carolina were completely out of fuel. Both Colonial Pipeline as well as state officials were discouraging the public from panic buying. They also stated that the pipeline would resume normal operations within 48 hours.


The first step during events such as cybersecurity attacks is to inform the public about it, which is precisely what Colonial Pipeline did through its own website. The company stated that as soon as it learned about the attack, staff proceeded to proactively take certain systems offline in an attempt to contain the threat. The company also stated that the operations of the pipeline would be temporarily stopped.

However, there were no clear details about the attack itself in that statement, such as the demands of the hackers or the time of the attack.


Another essential part of crisis communications is for companies to establish priorities both internally and externally. During last week’s crisis, the pipeline company released a statement stating that it would be working with a third-party cybersecurity company and that it had already begun an investigation into the incident.

Additionally, the main focus of the company was to understand and resolve the issue in a safe and efficient manner, so that operations could return to normal. Finally, the company also highlighted the importance of resolving the issue promptly so that the public and the nation wouldn’t be as affected.


Ronn Torossian is CEO of 5WPR.