Colonial Pipeline Reportedly Caved To Its Cyberattackers And Paid Hefty $5 Million Ransom

colonial pipeline
We first learned of the cyberattack on Colonial Pipeline's computer systems last week. The company's extensive pipeline network is responsible for supplying the bulk of the United States East Coast with gasoline, diesel, and jet fuel. The company announced that it was a victim of a ransomware attack and had to shut down critical systems. As a result, Americans on the East Coast began panic buying gasoline, which led to shortages and increased prices (cresting $3.00 per gallon in many locations).

Colonial Pipeline didn't initially specify whether it paid the ransom after its systems were attacked. However, a new report alleges that the company paid a hefty ransom to the tune of $5 million. That is an incredible sum of money and is precisely why these nefarious ransomware gangs seek out such high-profile attacks. By hitting critical infrastructure that is the lifeblood of transportation and commerce in the United States, it stands to reason that the victim(s) would want to do anything in their power to get systems operational in a timely fashion.

cybersecurity

Unsurprisingly, the FBI discourages companies from paying ransoms because it only further emboldens these criminals to pick juicier targets. Last week, it was a fuel pipeline; next week, it could be a major hospital tasked with carrying for the lives of hundreds of patients.

According to the report, Colonial Pipeline paid the ransom via a cryptocurrency transfer within hours of the initial penetration of its systems. The hackers then sent the company a decryption tool to recover its data. You would think that paying $5 million would get the company a tool that would recover the data in a timely fashion, but that wasn't the case.

"The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company's efforts said," Bloomberg reports.

colonial map
Current progress on Colonial Pipeline's restart efforts.

And even with its quick payment, it still wasn't enough to stop the widespread disruptions that affected fuel delivery on the eastern seaboard. It was not until yesterday that Colonial Pipeline started the process of restarting its pipeline operations. This morning, the company announced further progress in its efforts.

"Colonial Pipeline has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service," the company stated today in a press release. "By mid-day today, we project that each market we service will be receiving product from our system."

Even with the restart, the company warns that it could be "several days for the product delivery supply chain to return to normal."

The FBI indicated that the Russian hacking group DarkSide is responsible for the attack on Colonial Pipeline.