After a debilitating and embarrassing cyberattack that crippled the supply chain for days, the Colonial Pipeline Co. buckled to the demands of hackers and paid nearly $5 million in ransom, Bloomberg reported Thursday afternoon.
NBC and CNBC confirmed the report by speaking to a source familiar with the situation and an anonymous U.S. official. Nicole Perlroth, cybersecurity reporter for the New York Times, reported Colonial paid the hackers 75 bitcoin on Monday.
“The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said,” according to Bloomberg. “A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.”
Once the ransom was paid, the hackers provided Colonial Pipeline with a “decrypting tool to restore its disabled computer network,” but the “tool was so slow that the company continued using its own backups to help restore the system,” one of the people familiar with the company’s efforts told Bloomberg.
A representative from the Colonial Pipeline Co. declined to comment on the ransom, but told Bloomberg that the company began to resume fuel shipments around 5 p.m. ET Wednesday.
“Colonial Pipeline has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service,” Colonial’s website said in a Thursday update. “By mid-day today, we project that each market we service will be receiving product from our system.”
Thursday’s update that Colonial Pipeline paid the hefty ransom contradicts earlier reports that said the energy company had no intention of paying the ransom.
During a Thursday news conference, President Joe Biden was asked if he knew that Colonial paid the hackers a ransom, and he responded by saying, “No comment.”
Joe Biden smirks and says “no comment” on if Colonial paid hackers ransom for the pipeline attack https://t.co/a7BCC3X15k
— RNC Research (@RNCResearch)
Colonial became aware of the cyberattack around May 7 and immediately shut down its operations. The paralyzing cyberattack on the nation’s largest pipeline triggered a full-scale shutdown, which led to fuel shortages, panic buying, and several governors declaring a state of emergency. The 5,500-mile pipeline runs from Houston to Linden, New Jersey, and supplies about 45% of the fuel used along the Eastern Seaboard.
By Wednesday, the pipeline shutdown helped push the national average price of gasoline to $3.008 per gallon, according to the Automobile Association of America.
Earlier this week, the FBI named a criminal gang of hackers named “DarkSide” as the culprits of the devastating cyberattack. DarkSide, which specializes in digital extortion, is suspected of operating out of Eastern Europe or Russia. President Biden said the hacker group is likely based in Russia, but does not believe the Russian government is involved.
“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that’s where it came from,” Biden said Thursday.
The DarkSide group described its actions as “apolitical” in a statement provided to CNBC.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the group stated. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
The FBI discourages organizations from paying a ransom in a ransomware attack because “paying a ransom doesn’t guarantee you or your organization will get any data back,” and it “also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
Anne Neuberger, the White House’s top cybersecurity official, would not say if companies should pony up ransom demands.
“Typically that’s a private sector decision,” Anne Neuberger, deputy national security advisor for cyber and emerging technologies, told reporters at the White House on Monday. “We recognize that victims of cyberattacks often face a very difficult situation and they have to just balance often the cost-benefit when they have no choice with regards to paying a ransom. Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them.”