Colonial Pipeline pays $5 million ransom to hackers despite previously saying they would not do so

Colonial Pipeline Co. reportedly paid nearly $5 million to the ransomware group Darkside, which had shut down its pipeline for six days by hacking it. This directly contradicts what was reported earlier this week, which said the company had no intention of paying the ransom.

The company paid the ransom in cryptocurrency just hours after the cyberattack had shut down the 5,500-mile pipeline, which is the country’s largest and is essential for supplying the East Coast and Southeast with more than 100 million gallons of fuel per day. The decision to pay the ransom could be linked to the pressure Colonial was facing to restore its fuel services, especially after the outage sparked panic buying and rising gasoline prices in the states affected. Once the hackers had received the payment, they provided the operator with a decrypting tool to restore its disabled computer networks. However, the tool was so slow that the company continued to use its own backups to help restore the system, according to one person familiar with the situation.

Interestingly, one insider said that the U.S. government was aware that Colonial had paid the ransom, but when asked whether he had been briefed on the ransom payment, President Joe Biden simply replied, “I have no comment on that.” According to the FBI, a Russia-based hacker group called Darkside is responsible for the attack. Ransomware cyberattacks often involve malware which encrypts files on a network, thereby making the system inoperable. The cybercriminals then demand a ransom in exchange for the stolen data.

The deputy national security advisor for cyber and emerging technologies, Anne Neuberger, described the decision to pay the ransom as a “private sector decision” and went on to say that “We recognize that victims of cyberattacks often face a very difficult situation and they have to just balance often the cost-benefit when they have no choice with regards to paying a ransom.” She also added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage the hackers to return and carry out more cyberattacks. Darkside also released a statement on its dark web site which reads, “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives.” The statement goes on to say, “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

On Monday, Biden told reporters that “So far there is no evidence from our intelligence people that Russia is involved although there is some evidence that the actor’s ransomware is in Russia.” By Wednesday, Colonial Pipeline Co. was able to announce that it had resumed operations but added that “some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start up period.”




