Report: Colonial Pipeline Paid $5M Worth in Crypto to Ransomware Gang, Restarts Services
The global oil market was shaken by news from the United States as a ransomware attack hit the largest oil infrastructure operation in the country. A recent report claims hackers asked Colonial Pipeline to pay for an undisclosed amount in ransom to unlock the firm’s system – a demand the company allegedly fulfilled.
Darkside Gang Is Allegedly the Author of the Ransomware Attack
According to Bloomberg, Colonial Pipeline paid almost $5 million worth in “difficult-to-trace” cryptocurrencies to hackers allegedly from Eastern Europe. The report contradicts initial claims from the oil firm that it didn’t intend to arrange the ransom payment.
The media outlet also cites that the ransom was paid in “difficult-to-trace” virtual currency. However, CNN said on Wednesday that the group of cybercriminals known as Darkside demanded bitcoin (BTC).
As of press time, CNN updated the original article, confirming Bloomberg’s information, and removing bitcoin’s mention, thus leaving on the air the specific digital asset used for the payment, nor the date it was made. Both CNN’s and Bloomberg’s reports source anonymous people that are “familiar with the matter.”
After receiving the ransom, hackers proceeded to send Colonial Pipeline a decrypting tool to restore its entire systems, allowing them to resume fuel shipments and routine operations.
Investigations from the FBI point to Darkside as to the alleged authors of the extortion, who are mainly based in Russia and Eastern Europe.
The attack on Colonial Pipeline obliged the company to temporarily shut its pipelines down as the systems were compromised, as well as the billing infrastructure to deal with the clients nationwide.
Should the Affected Companies Pay for the Ransoms?
Companies attacked by ransomware often deal with the dilemma of whether to pay for the extortion or not, as authorities recommend not doing so. Anne Neuberger, the White House’s top cybersecurity official, addressed the matter, although she didn’t advise that firms directly pay for ransoms:
We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.
Furthermore, law enforcement encourages companies and entities to not negotiate with hackers because they cannot provide enough guarantees to deliver what they promise.