Colonial Pipeline Paid Massive Amount to Ransomware Hackers


Colonial Pipeline Company got hacked recently, bringing its thousands of miles of gas pipelines offline for almost a week. 

It was hacked by a group called DarkSide, which used ransomware to lock down various Colonial files and demanded money if the company wanted its system back to normal.

The fake news told us at first that Colonial didn’t pay any money, but that turns out to be untrue. 

In fact, the pipeline giant did pay out a massive ransom to the cyber criminals. And they paid it out right fast.


How Much Did Colonial Pay?

It turns out that Colonial paid out around $5 million in Bitcoin to the DarkSide hackers.

They shelled out the payment only hours after their systems got invaded because they knew that if they couldn’t get their system back online there would be hell to pay.

We already saw long lineups, price gouging and thousands of gas stations across America run out of gas, with the Colonial system offline for almost a week, so apparently that payout didn’t have immediate results. 

Biden didn’t answer when reporters asked if he knew about the ransom payment, but US government sources say they were made aware of it.

“I have no comment on that,” Biden said.

The hackers apparently did give Colonial the tools to disinfect and unlock its system once they got the Bitcoin, but the decryption tool was apparently very ineffective, which is why it took so long to bring the pipelines back into active status.

DarkSide is located in Russia or Eastern Europe, but it is not known what exact links they could have to the Russian government or whether they were really only doing it for money. 

‘Companies Are Often in a Difficult Position’

The top cyber security leader at the White House is a woman by the name of Anne Neuberger. In comments on the issue of ransomware, Neuberger said she knows how difficult it is, although she won’t say that a ransom is ever something that should be paid.

“We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” Neuberger said.

“This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait,” said Ondrej Krehel, CEO of the digital security company LIFARS. 

Krehel said that Colonial actually got off easy at only $5 million. 

“Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response,” Krehel said.