Colonial Pipeline paid hackers who shut down some of its networks nearly $5 million in ransom, a US official familiar with the matter said Thursday.
News of the payment was first reported by Bloomberg. The US official did not specify how or when the company paid.
Colonial, which operates the country’s largest gas pipeline, said it was hacked on Friday and shut down its four main pipelines that serve the eastern and southeastern United States as a precaution. Gasoline prices went up and some stations ran out of fuel. The Department of Transportation has issued an emergency order allowing truckers who transport fuel in affected states to work longer hours than federal regulations normally allow.
A third-party consulting firm that now handles press inquiries for Colonial declined to comment on the payment.
The company announced on Wednesday that it was resuming operations.
The FBI has historically discouraged, but not prohibited, American ransomware victims from paying hackers because a payment is not guaranteed to work and may encourage criminals to continue attacking others. At a press conference Monday, Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies, acknowledged that some organizations may find that paying criminals is in their best interest.
“We recognize, however, that businesses are often in a difficult position if their data is encrypted and they don’t have backups and can’t recover the data,” she said.
The hackers, known as DarkSide, are one of many ransomware groups that hold organizations’ files hostage and demand payment, either by locking the files and rendering them unusable or by threatening to release them to the public.
DarkSide, like many ransomware gangs, is believed to operate in Russia, and its ransomware program is designed to shut down if it infects computers running in Russian.
President Joe Biden said on Monday that U.S. intelligence services believed DarkSide was operating within Russia’s borders and that while it did not appear to be run by the Russian government, he was “going to have a conversation” with Russian President Vladimir Putin about these groups. “They have a certain responsibility to deal with this,” he said.
DarkSide in particular is known to provide paying victims with a painfully slow-running decryption program, said Brett Callow, an analyst at cybersecurity firm Emsisoft.
Colonial retained the services of cybersecurity firm Mandiant to deal with the attack. Mandiant does not directly pay ransomware gangs on behalf of customers, a company spokesperson said, but recognizes that victims may choose to do so.