Colonial Pipeline paid nearly 5 million USD to hackers

Colonial Pipeline paid a ransom to hackers after the fuel transportation company suffered a large-scale cyber attack, a source familiar with CNBC confirmed.

Colonial Pipeline’s Dorsey fuel station in Maryland, USA. Photo: Reuters

An unnamed US official confirmed to NBC News that Colonial Pipeline paid nearly $ 5 million “ransom” to a group of hackers who attacked with malicious code (ransomware) on this company’s fuel pipeline system. . Colonial Pipeline’s pipeline network is responsible for providing nearly half of the fuel for the East Coast of the United States.

It is not clear when the payment transaction was conducted, and Colonial Pipeline has not yet commented on the matter.

US President Joe Biden declined to comment on May 13 when asked if Colonial Pipeline would pay the ransom demanded by hackers. White House press secretary Jen Pskai told reporters that the federal government remains in a position not to pay ransom because it could encourage cybercriminals to carry out more similar attacks.

A cyberattack carried out by the DarkSide cybercrime group last week caused Colonial Pipeline to shut down nearly 5,500 miles of pipeline, disrupted nearly half of the fuel supply to the US East Coast and caused gasoline shortages. in the Southeast region of the United States.

Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access.

White House national security officials said the attack was extortion-driven in nature, but they did not say whether Colonial Pipeline would agree to pay the ransom.

“It’s a private-sector decision,” said Anne Neuberger, deputy national security adviser for US cyber and emerging technologies, when asked about the possibility of Colonial Pipeline paying the ransom.

“We’ve found that victims of cyberattacks often face a very difficult situation, and they often have to balance the costs and benefits when they have no other choice in the ransom issue. Colonial Pipeline is a private company and we will delay information on the decision to pay the ransom to them,” added Ms. Neuberger.

The female adviser said the US Federal Bureau of Investigation (FBI) had previously warned victims of malware attacks that paying ransoms could encourage more malicious actions.

In a statement earlier this week provided to CNBC by Cybereason, the DarkSide team asserted its actions were “apolitical”.

“We are apolitical, we do not engage in geopolitics, should not tie us to a particular government and seek our motives,” DarkSide wrote. The group added: “Our goal is to make money, and not cause harm to society.”

Earlier this week, President Biden said the United States had no intelligence that the DarkSide group’s cyberattack was linked to the Russian government.

“To date there is no evidence from our intelligence that Russia is involved, although there is evidence that the cyberattack group’s ransomware is located in Russia, they have some responsibility to deal with it.” this issue,” Biden said at the White House.

The Kremlin previously denied that it carried out cyberattacks against the US.

On the evening of May 12, Colonial Pipeline Company said it had initially restored operations a few days after the cyber attack. The company interpreted its decision to temporarily close pipeline service as a precautionary measure. “Some markets fueled by Colonial Pipeline may experience or continue to experience service disruptions while the company restarts systems. Colonial Pipeline will transport gasoline, diesel, and diesel fuel. and jet fuel as much as possible and will continue to do so until the market returns to normal,” a company representative said.

The cyber attack on the Colonial Pipeline is the latest in which cybercriminals have exploited a US cyber vulnerability. Last year, IT company SolarWinds’ software was compromised and hackers gained access to the communications and data of several government agencies.

The Russian government has denied all accusations of being behind the attack on SolarWinds.