Colonial Pipeline paid its extortionists about 75 bitcoin, or nearly $ 5 million, to recover the stolen data, according to those informed of the transaction.
The payment came after cyber criminals last week locked up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays and threatened to release it online. Colonial Pipeline preemptively shut down its pipeline operations to keep the ransomware from spreading and because it was unable to bill customers for their business and accounting networks offline.
The shutdown of the company’s network, which includes a 5,500-mile pipeline that supplies nearly half of the gas, diesel and jet fuel to the east coast, sparked a cascading crisis that led to emergency White House meetings, a surge in gas prices and panic Buying at the pumps, forcing some airlines to refuel on long-haul flights.
The ransom payment was first reported by Bloomberg. A Colonial spokeswoman declined to confirm or deny that the company paid a ransom.
President Biden also declined to answer whether Colonial Pipeline had paid its extortionists in a news conference Thursday. He did not rule out that the government would retaliate against the cybercriminal, a ransomware outfit called DarkSide. He said the United States was “taking action to disrupt its serviceability”.
Jen Psaki, White House press secretary, said in a separate briefing, “It is the FBI’s recommendation not to pay a ransom in these cases,” as this can encourage cybercriminals to launch further attacks. She added that “companies or private sector companies will make their own decisions”.
DarkSide tried to distance itself from politics. In a statement on its website, the group said it was trying not to be political – an attempt to perhaps thwart a United States pre-emptive strike that took a large ransomware conduit offline last year to attack the Fend off 2020 elections.
Eight DarkSide linked websites went offline on Thursday. It wasn’t immediately clear why. The United States Cyber Command referred questions to the National Security Council, which refused to comment.
It took Colonial several days to get its pipeline back online, a process officials said would take some time. Mr Biden encouraged Americans not to panic buying gasoline and warned gas companies not to cut prices.
“It’s not like flicking a light switch,” he said, noting that Colonial’s pipeline had never been shut down before.
Colonial did not provide many details about the incident or why it was necessary to shut down the pipeline that is keeping other operators off business for safety reasons. Cyber security experts said the attack and its aftermath demonstrated a lack of cyber resilience and planning.
Kim Zetter, a cybersecurity journalist, first reported that Colonial had partially closed its pipeline because its billing systems had gone offline and there was no way to bill customers.
Many organizations in the US, including law enforcement agencies, have chosen to pay their ransomware extortionists rather than suffer the loss of critical data or the cost of rebuilding computer systems from scratch.
In a separate ransomware attack on the Metropolitan Police Department in Washington, DC, hackers said the price offered by the police was “too low” and this week posted 250 gigabytes of the department’s data online, including databases of gang members and Social media records retention requests.
“This is an indicator of why we should pay,” said the cybercriminal named Babuk in an online post. “The police wanted to pay us too, but the amount turned out to be too small. Look at this wall of shame, “they wrote.” You have every chance of not getting there. Just pay us! “
Julian E. Barnes contributed to the coverage.