Colonial Pipeline paid hackers $5 mn in ransom to re-start operations

Colonial Pipeline paid nearly $5 million in ransom to Eastern European hackers on Friday, Bloomberg reported.
The Bloomberg report contradicts earlier reports that said the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The U.S.-based Colonial Pipeline paid the ransom in difficult-to-trace cryptocurrency within hours of the attack. The report said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system.

Colonial said it began to resume fuel shipments around 5 p.m. Eastern time Wednesday.

When Bloomberg News asked President Joe Biden if he was briefed on the company’s ransom payment, the president paused, then said: “I have no comment on that.”

The hackers, who the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.

A report released by a ransomware task force said the amount paid by victims increased by 311 percent in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493.