The Colonial Pipeline Company was reported to have done an “about face” and paid its extortionists an amount of cryptocurrency equivalent to $5 million.
On Thursday, May 13, Bloomberg asserted Colonial paid the ransom just hours after the cyberattack last Friday, which had forced the company to shut down its pipeline operations and created a severe shortage in gas supply afterward.
Bloomberg’s information was sourced from five individuals who were briefed on the transaction.
This contrasted to a May 12 update where the company denied paying ransom to the hackers on Washington Post.
Eastern European hacker group Darkside targeted Colonial last week, encrypting its data, saying it would only restore the company’s network system if extortion were achieved. Colonial decided to halt its 2.5 million barrels of gasoline service for six consecutive days.
Consequently, the Southeast areas went through a fuel shortage crisis on those days of suspension as Colonial supplied 45% of the region’s gas supply. The result—creating fuel price inflation and panic buying. Airlines had to adjust fuel stops on long-haul flights.
Sources told Bloomberg that Colonial accepted to pay ransom to Darkside of 75 Bitcoin, equivalent to $5 million, for the tool to restore their data. However, the decrypting tool supplied by the hacker group was too slow, and the company had to resort to its own backups to revive the system.
Conversely, an article on Washinton Post on Wednesday this week reported that Colonial resumed its operations after collaborating with cybersecurity firm FireEye to achieve the effort. It told the outlet that the company would not bow down to the hacker’s demand.
“Colonial and its cybersecurity consultants were working to secure its servers, having decided not to pay a ransom demanded by foreign hackers,” the Post reported, citing two individuals “familiar with the matter.”
The cyberattack that struck down the crucial pipeline for nearly a week was a wake-up call of how dependent the U.S. economic and social system is on its pipelines. The pandemonium that occurred over the past few days has proven that it was time for immediate actions to fix America’s Achilles heel.
On Wednesday, Biden signed an executive order tackling the issue. The comprehensive plan requires establishing a Cyber Safety Review Board, which will meet after significant incidents. The effort will have the Defense and Justice departments and representatives from several intelligence agencies and the private sector as participants.