The Colonial Pipeline Corporation paid hackers $5 million in cryptocurrency on Friday following a cyberattack that knocked the pipeline offline and caused a severe gas shortage, according to sources speaking to Bloomberg News on Thursday, contradicting earlier claims that the company would not pay a ransom.
A report on Wednesday had said the company was working with the cybersecurity firm FireEye to recover its systems rather than paying the ransom. The FBI does not recommend paying ransomware hackers because doing so “doesn’t guarantee you or your organization will get any data back.”
After receiving payment, the hackers provided Colonial Pipeline with a decrypting tool to help restore the company’s damaged computer network, but the company relied on its own backups to help restore the system because the tool was slow.
According to the gas-tracking app GasBuddy, 14 states were experiencing fuel shortages as of Thursday morning, with 49 percent of stations in Georgia, 34 percent in Tennessee, 52 percent in South Carolina, 68 percent in North Carolina, and 54 percent in Virginia out of fuel.
While pipeline officials and President Joe Biden declined to comment when asked, a US official speaking on the condition of anonymity confirmed the nearly $5 million payment.
On Monday, the FBI concluded that DarkSide was responsible for the cyberattack, and President Joe Biden stated that Russian officials may bear “some responsibility” for the attack because the group of hackers used ransomware that originated in Russia.
DarkSide allegedly attacked Colonial on Friday, forcing the company to shut down its 2.5-million-barrel gasoline service for five days.
Dmitry Peskov, Kremlin spokesperson, denied any Russian involvement in the attack. Colonial is in charge of transporting 45 percent of all fuel used on the East Coast, and the five-day outage left thousands of gas stations in the Southeast without fuel.
While the group has not claimed credit, it did say on Wednesday that it had breached the networks of three other firms.
The Colonial Pipeline was not specifically mentioned in a terse news release posted to DarkSide’s website, but it was noted under the heading “About the latest news” that “our goal is to make money, not creating problems for society.”
DarkSide tries to take a “high-minded” approach to cyberattacks, presenting itself as a “Robin Hood” figure that gives some of the money it steals to charity. The group has stated that it operates under “orders,” which include not attacking hospitals, nursing homes, schools, or government targets.
DarkSide is in the business of developing and marketing ransomware tools, according to Cybereason, a Boston-based security firm. Those tools are then sold to other criminals who carry out the attacks. This makes DarkSide a newer type of criminal entity: a provider of Ransomware-as-a-Service.
Though DarkSide posts rules, it is currently unclear how effectively those rules are enforced.
What is a Ransomware Attack?
Ransomware is malware that encrypts data and renders a device inoperable; the criminals behind it usually demand a monetary payment in return for ending the intrusion.
Whether victims of such attacks should pay to regain control of their systems is hotly debated. Critics contend that paying ransoms encourages further attacks.
Speaker of the United States House of Representatives Nancy Pelosi said on Thursday that cyber-attack victims should not be forced to pay a ransom.
Colonial is not the first company to pay a ransom to hackers in order to restore service. In July 2020, the United States travel company CWT paid hackers $4.5 million to recover corporate files and bring its computer systems back online.