Colonial Pipeline Paid Ransomware Criminals $5m – Report

The Colonial Pipeline ransomware attack last week has taken a fresh twist, after the criminals behind the attack were reportedly paid a sickening amount of money.

Bloomberg, CNN, and other US media sources all citing their own sources, reported that a ransom was paid – to the tune of $5 million.

This payment of the ransom contradicts reports earlier this week that the company had no intention of paying a ransom to help restore the country’s largest fuel pipeline, despite the firm reportedly having an insurance policy in place for just such an eventuality.

Payment made

According to Bloomberg, the Georgia-based operator of the pipeline paid the $5 million in cryptocurrency within hours after the attack.

That quick payment underscored the immense pressure the operator was under to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, people told Bloomberg.

A third person familiar with the situation said US government officials are aware that Colonial made the payment.

Once they received the payment, the hackers reportedly provided the operator with a decrypting tool to restore its disabled computer network.

The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment.

Devastating attack

Colonial said it began to resume fuel shipments around 5pm Eastern time Wednesday, but there is still reports of widespread disruption in parts of the United States, with fuel supplies running out at petrol stations, and passenger jets having to make extra stops on their flights to refuel.

The attack was carried out by the criminal group called DarkSide, which is reportedly based in Russia or eastern Europe.

Earlier this week British Foreign Secretary Dominic Raab warned Russia that it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.

US President Joe Biden was briefed about the cyber-attack this past week and had already enacted emergency powers to deal with the disruption.

Also this week President Biden signed an executive order designed to enhance cyber security in the US.

As part of that order, federal agencies will be required to introduce multi-factor authentication to their systems and encrypt all data within six months in a bid to make it harder for hackers to penetrate their IT infrastructure.

Bloomberg News asked President Biden if he had been briefed on Colonial Pipeline making the ransom payment to the criminals, the president paused, then said: “I have no comment on that.”