Colonial Pipeline paid hackers $5M ransom last week: report

Colonial Pipeline forked over nearly $5 million last week to the Eastern European criminal group that hacked the company, shuttering the largest oil pipeline in the US, spurring widespread gas shortages and panic buying across the Southeast.

Bloomberg News reported that Colonial coughed up the ransom just hours after the ransomware attack took place on Friday.

The Alpharetta, Georgia-based company paid the ransom in untraceable cryptocurrency, Bloomberg reported, citing two people familiar with the transaction.

Once the hackers received the payment, they provided Colonial with a decrypting tool to restore its downed IT network, according to the outlet, which reported the fix was so slow that the company opted to use its own backups to help restore the system.

Colonial did not immediately return The Post’s request for comment.

The FBI believes that the crippling cyberattack was orchestrated by a Russia-based criminal group.

The company said it started resuming operations Wednesday evening and by Thursday morning, product was flowing to most of the markets it services.

Colonial Pipeline allegedly paid $5M in ransom after the cyber attack.
Michael M. Santiago/Getty Images

The Bloomberg report contradicts earlier reporting by the Washington Post and Reuters that said the company had no immediate intention of paying the ransom. Those outlets cited anonymous sources.

Ransomware is a kind of malicious software that locks up a user’s data. In ransomware attacks, the hackers often demand a ransom for the unlocking or return of the affected data.

“The FBI does not support paying a ransom in response to a ransomware attack,” according to the FBI’s website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Gas has been running out at stations across the East Coast since the hacking.
EPA/SHAWN THEW

President Biden on Wednesday signed an executive order intended to improve US cybersecurity after the hack. The order, among other things, establishes a new multiagency Cybersecurity Safety Review Board to review incidents and mandates that federal systems log cybersecurity incidents and use multifactor authentication and stronger encryption.

DarkSide is known to extort cash from corporations and give a cut to charity, the Associated Press reported Sunday, citing sources familiar with the federal investigation of the Colonial hacking.

In a statement reportedly posted on DarkSide’s website last week, the group claimed, “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The statement, provided to CNBC by the Boston-based security company Cybereason on Monday, added: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives.”

While President Biden stopped short earlier this week of linking the Kremlin and DarkSide, he said that “there is evidence that the actors’ ransomware is in Russia.”

During a White House briefing, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, also described DarkSide as “a criminal actor” but said that “our intelligence community is looking for any ties to any nation-state actors.”

Motorists fill up gas cans at a Shell station in Charlotte, North Carolina on May 12, 2021.
LOGAN CYRUS/AFP via Getty Images

The hacking of the pipeline sent gas prices skyrocketing in hard-hit states and the nationwide average price rose to a 7-year high.

Chaotic scenes of panic buying played out across the Southeast as desperate drivers searched for gas.

Many stations are still dry and likely will be for a few more days as fuel begins to flow through the pipeline again, Secretary of Energy Jennifer Granholm said Thursday.

Colonial Pipeline reportedly paid the ransom in untraceable cryptocurrency.
EPA/SHAWN THEW

As of Thursday morning, most gas stations in North Carolina, South Carolina and Virginia were dry, according to GasBuddy analyst Patrick DeHaan’s estimates.

Nearly half in Georgia and the District of Columbia were also out of gas, according to DeHaan.

About the author

James Thompson

James Thompson has worked in various news organizations and now aims to make Report Door one of the best and fastest growing news websites in the U.S. He contributes to the US and World sections.
