Colonial Pipeline reportedly paid nearly $5 million to a cybercriminal gang on Friday after the company’s systems were targeted with ransomware.
Despite initial claims that the company did not intend to pay, Bloomberg reported on Thursday that Colonial Pipeline agreed to the extortion fee in an effort to restore its services.
The company, which operates a pipeline that transports close to half of the East Coast’s fuel, is said to have transferred millions of dollars in cryptocurrency to the DarkSide ransomware gang just hours after being infected.
After receiving the payment, DarkSide provided Colonial Pipeline with a decryption tool designed to restore the company’s access to its own files. Yet the tool reportedly worked so slowly that the company ultimately ended up relying more on its own server backups.
Colonial Pipeline, which intentionally halted its services in an effort to contain the ransomware’s spread, has since stated that it believes it will return to full operating capacity by the end of Thursday.
The incident is largely unsurprising to some, including the author of a 2018 audit of Colonial Pipeline’s network who argued that “an eighth-grader could have hacked into that system.”
Concerns over the ransomware incident led to panic buying at gas stations across the East Coast, which in turn caused fuel shortages.
DarkSide, a suspected Eastern European group that has been active for only around six months, is believed to have generated more than $30 million so far through its extortion efforts.
Although the FBI currently recommends that targets of such hacks not pay, reports suggest that funds received by ransomware groups continue to increase. In 2020 alone, victims are believed to have paid over $350 million in cryptocurrency in total after being targeted by ransomware.
In the wake of the pipeline incident, President Joe Biden on Wednesday announced a new executive order aimed at strengthening the country’s digital defenses.