Colonial Pipeline Paid Hackers $5 Million in Ransom, Reports Say
Colonial said Thursday that it has restarted its entire system but that it will take several days for supply to return to normal.
Colonial Pipeline, the operator of the country’s largest fuel pipeline, paid hackers approximately $5 million as ransom in order to resume operations, according to multiple outlets.
The FBI confirmed Monday that a group known as DarkSide is responsible for attacking Colonial Pipeline’s business operations with ransomware. In such attacks, a victim’s files are encrypted and the actor responsible for the attack says they’ll decrypt the files if the victim pays a ransom. Colonial announced in a statement last Friday that its systems were compromised and temporarily halted all pipeline operations in the U.S. “to contain the threat.”
According to Bloomberg News, which first reported the news, Colonial paid DarkSide in cryptocurrency “within hours after the attack.” The New York Times reported that they paid roughly 75 bitcoin, or almost $5 million.
When asked by NowThis, a representative for Colonial did not confirm or deny that the company paid a ransom.
The country’s biggest fuel pipeline runs 5,500 miles from Texas to New Jersey. Colonial said Thursday that it has restarted its entire system but that it will take several days for supply to return to normal.
“Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period,” the company said in a statement Thursday. “Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”
In the days after Colonial temporarily halted operations, gas prices increased and cars lined up en masse at the pumps. In a Thursday press briefing, President Joe Biden welcomed the news that pipeline operations had been restarted but cautioned drivers along the East Coast from panic-buying gas, saying the disruption in supply will be temporary.
“We expect the situation to begin to improve by the weekend and into early next week,” Biden said. “And gasoline supply is coming back on line, and panic-buying will only slow the process.”
The president also said he will work with governors so that gas stations do not “take advantage of consumers” and price gouge.
When asked if he was briefed on the company paying the ransom, Biden said: “I have no comment on that.” White House press secretary Jen Psaki on Thursday deferred a question about the ransom to Colonial and reiterated that the FBI does not advise private companies to pay ransom “because it can incentivize similar attacks.”
The president said the administration has not ruled out retaliating against DarkSide and its hackers, who are believed to be based in Russia. The Wall Street Journal reported Friday that the hacking group is shutting down and that since Thursday, its website has been down.
On Wednesday, President Biden signed an executive order mandating companies that contract with the U.S. government to report cybersecurity breaches that could impact government networks. The executive order, which has been in development for months and is not a direct response to the Colonial attack, also creates a Cybersecurity Safety Review Board made of leaders from the government and private companies that will “convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity,” according to a White House fact sheet about the order.