Colonial Pipeline Said to Pay Ransom to Hackers Who Caused Shutdown
Colonial Pipeline Co. paid a ransom to the criminal hackers who caused the company to shut down the country’s largest conduit of fuel, according to people familiar with the matter, a payment that allowed the firm to obtain decryption tools to try to unlock its computer systems.
The ransom, paid in cryptocurrency, was approximately $5 million at the time of the transaction, one of the people familiar with the matter said.
The company restarted pipeline operations Wednesday and said it was resuming service throughout its entire system Thursday after a cyberattack last week forced it to shut it down, leading to regional gasoline shortages and higher prices. It couldn’t be learned whether the ransom payment directly enabled Colonial to restart its 5,500-mile conduit, which runs from Texas to New Jersey.
Energy analysts said it would likely take days before gasoline supplies are returned to normal in affected states in the Southeast.
Bloomberg reported earlier Thursday that Colonial had paid the hackers a sum of nearly $5 million, and that the decryption tool ultimately wasn’t effective in restoring operations. Instead, Colonial was able to recover by relying on system backups, Bloomberg reported.
Colonial declined to comment on the ransom.
The company, which estimates that it provides 45% of the East Coast’s fuel, shut down the pipeline last Friday after being hit by a ransomware attack. U.S. officials and cybersecurity experts have linked the attack to a Russian-speaking criminal gang known as DarkSide, believed to be based in Eastern Europe.
Ransomware is a type of cyberattack that locks up a victim’s computer systems and demands payment from the victim to have the files released. Payments are usually made with cryptocurrency.
For years, the Federal Bureau of Investigation has told companies victimized by ransomware to not pay hackers because doing so would support a booming criminal marketplace. Digital extortion schemes have become so lucrative that they now routinely tally into the tens of millions of dollars, according to U.S. officials and security companies that track ransomware.
Senior U.S. officials have acknowledged that companies often have little choice but to pay, especially if their systems aren’t securely backed up.
DarkSide, which has said it has broken into the networks of more than 80 companies dating back to August 2020, claims to be an experienced team of ransomware creators that previously made millions of dollars infecting victim networks.
DarkSide also claims to engage in extortion, threatening to publicly publish data belonging to its victims if they don’t pay the ransom. The hackers have said they are willing to sell inside information about publicly traded companies if these companies refuse to meet their ransom demands.
Speaking to reporters Thursday, President Biden declined to comment on whether he had been briefed on the ransomware payment. The FBI had concluded that the Russian government wasn’t directly responsible for the pipeline hack, Mr. Biden said, but he said he expected to speak to Russian President Vladimir Putin soon about the country turning a blind eye to criminal hacker enterprises within its borders.
“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia,” Mr. Biden said. “We have been in direct communications with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”
Russian officials have denied involvement in the Colonial Pipeline hack.
The shutdown of the pipeline, which delivers gasoline, diesel, jet fuel and other refined products, triggered a run on gas stations along parts of the East Coast this week and helped push gasoline prices to their highest levels in 6 1/2 years.
Colonial said Thursday afternoon that it had begun delivering fuel to all of its markets as it restarted operations, though it warned it would take several days for the product delivery supply chain to return to normal.
“Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period,” it said in a statement.
The national average gasoline price edged up Thursday about 2 cents a gallon to $3.03, pushed up in part by a run on gas stations across the Southeast, according to AAA. Prices started the year at around $2.25 and have been rising as fuel demand continues to recover from last year’s pandemic lows.
Thousands of gas stations from Tallahassee, Fla., to Washington, D.C., ran out of fuel this week as nervous motorists waited in long lines. As of Thursday morning, 68% of gas stations in North Carolina had run dry, according to the fuel and price tracker GasBuddy, which collects data from drivers that report such outages. In Georgia, 49% had run out of fuel; in South Carolina, 52%; in Virginia, 54%.
At least seven public school systems in North Carolina, Georgia and Tennessee instituted remote classes at least through Friday as the gas shortage makes it harder for staff and students to go in person, according to their websites and local media reports.
“We are monitoring local fuel availability and have not seen a significant increase in the level of fuel options over the past 24 hours,” Chapel Hill-Carrboro City Schools in North Carolina said in a statement.
Link: https://www.wsj.com/articles/colonial-pipeline-expects-to-fully-restore-service-thursday-following-cyberattack-11620917499?mod=hp_lista_pos5