Cyber Incident Victim: Superior Plus
Date:
Dec 2021
Location:
United States of America
Summary
A major North American natural gas and propane supplier suffered a ransomware attack, forcing temporary system shutdowns to contain the incident. The billion-dollar corporation disabled certain computer systems during its investigation and recovery efforts while working with cybersecurity experts to mitigate operational and data impacts. Operations across 780,000 customer locations in the US and Canada faced disruptions as the company assessed the full scope of the attack, requesting patience from clients during restoration. This incident occurred amid heightened industry scrutiny following high-profile ransomware attacks on critical energy infrastructure earlier in the year.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 12, 2021, Superior Plus Corporation—a billion-dollar natural gas and propane supplier operating across the United States and Canada—experienced a ransomware attack that disrupted its operations. The company publicly disclosed the incident the same day it began, confirming it had temporarily disabled specific computer systems and applications to investigate the breach. Superior Plus engaged an unnamed cybersecurity firm to assist in securing its infrastructure, mitigating the attack’s impact on data and operations, and restoring affected systems. While the corporation acknowledged the ransomware’s disruption, it did not identify the threat actor group responsible or specify which systems were compromised. Operations across its propane delivery services to 780,000 customer locations and Canadian natural gas distribution were impacted, though the full scope remained under assessment at the time of reporting. Superior Plus urged customers for patience as it worked to resolve the incident, emphasizing efforts to minimize operational consequences while maintaining safety protocols for its 4,300 employees.
The attack occurred against a backdrop of heightened ransomware threats targeting critical energy infrastructure, notably following the Colonial Pipeline incident in May 2021. Superior Plus, which reported over $1.8 billion in annual revenue, joined a growing list of energy sector victims facing disruptive cyber extortion attempts. Unlike Colonial Pipeline—which publicly attributed its attack to the DarkSide ransomware group and paid a $5 million ransom—Superior Plus withheld details about ransom demands, payment status, or data compromise. Its response focused on containment through system isolation and gradual restoration, avoiding commentary on whether threat actors exfiltrated data or deployed encryption across its networks. The company’s specialty chemicals division and cross-border operations in the U.S. and Canada faced potential cascading effects, though no service interruptions or safety incidents were explicitly confirmed in initial disclosures. Federal recovery efforts following Colonial’s breach, including the U.S. Department of Justice’s partial ransom seizure, underscored the systemic risks ransomware posed to energy suppliers but did not directly influence Superior Plus’s public response strategy.