Colonial Pipeline operator paid hackers a ransom of $5 million in cryptocurrency

Colonial Pipeline, the operator of the largest fuel supply system in the United States, paid hackers a ransom of $5 million in cryptocurrency to restore the operation of the system, the failure of which led to a fuel shortage.

Colonial Pipeline Co. paid hackers from Eastern Europe about $5 million in an unnamed cryptocurrency to restore the operation of the largest fuel pipeline in the United States. Earlier, the operator of the pipeline system had stated that it did not intend to pay the ransom to the attackers.

The company paid the ransom in a hard-to-track cryptocurrency, according to Bloomberg sources. The decision underlines the tremendous pressure the Georgia-based operator was facing and the need to re-route gasoline and jet fuel to major East Coast cities. A third person familiar with the situation said that US government officials were aware that Colonial had made the payment.

After receiving the ransom, the hackers provided the company with a decryption tool to restore the computer network. The tool was so slow that the company continued to use its own backups to restore the system, one source familiar with the firm said. A Colonial spokesman declined to comment. The company said it began resuming fuel supplies around 5:00 pm ET on Wednesday.

When Bloomberg News asked US President Joe Biden if he had been informed of the ransom payment by the company, the President paused and then said, “I have no comment on this.”

According to the FBI, the hackers are affiliated with a group called DarkSide, which specializes in digital extortion and is believed to be located in Russia or Eastern Europe. On Wednesday, media outlets including the Washington Post and Reuters, also citing anonymous sources, reported that Colonial was not going to pay the ransom to the hackers.

The FBI discourages organizations from paying ransoms to hackers, stating that there is no guarantee that the criminals will fulfill the conditions and decrypt the files. The agency says such payments also provide incentives to other hackers. However, Anne Neuberger, the White House’s top cybersecurity official, at a briefing earlier this week declined to express the government’s clear position on the payment of such ransoms.

“We understand that companies often find themselves in a quandary if their data is encrypted, they have no backups, and they cannot recover data,” she told reporters on Monday.

This kind of guidance leaves an affected company in the difficult position of weighing the risks of not paying against the cost of losing or having its information disclosed. Many firms choose to pay the hackers, in part because the costs can be covered if they hold cyber insurance policies.

“They had to pay,” said Ondrej Krehel, CEO and founder of digital forensics company LIFARS. “This is cyber cancer. Do you wanna die or do you wanna live? This is not a situation where you can wait.” Krehel said the $5 million ransom was “very low.”

“The buyback usually ranges from $25 to $35 million for such a company. I think the attackers realized that they were attacking the wrong company and provoked a reaction from the government,” he said.

Colonial, which operates the largest fuel pipeline network in the United States, learned of the hack on May 7 and ceased operations, leading to fuel shortages and queues at gas stations on the East Coast. Consumers started buying up gasoline en masse for fear of future shortages. The authorities urged consumers not to panic and not to stock up on gasoline for future use.

More and more companies are falling prey to ransomware. In April, the REvil hacker group, known for infecting large companies with ransomware, sent Apple a ransom demand payable in Monero, threatening to publish blueprints for Apple’s devices.