Report: Colonial confirms it paid $4.4M to pipeline hackers

Date: 2021-05-19

Tanker trucks are parked near the entrance of Colonial Pipeline Company Wednesday, May 12, 2021, in Charlotte, N.C. The operator of the nation’s largest fuel pipeline has confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems. That's according to a report from the Wall Street Journal. Colonial Pipeline’s CEO Joseph Blount told the Journal that he authorized the payment after the ransomware attack because the company didn’t know the extent of the damage. (AP Photo/Chris Carlson)
The Associated Press

The operator of the nation's largest fuel pipeline confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems, according to a report Wednesday from The Wall Street Journal.

Colonial Pipeline's CEO, Joseph Blount, told the Journal he authorized the payment after the May 7 ransomware attack because the company didn't know the extent of the damage and wasn't sure how long it would take to bring the pipeline's systems back.

The FBI discourages making ransom payments to ransomware attackers, because paying encourages criminal networks around the globe who have hit thousands of businesses and health care systems in the U.S. in the past year alone. But many victims of ransomware attacks, where hackers demand large sums of money to decrypt stolen data or to prevent it from being leaked online, opt to pay.

“I know that’s a highly controversial decision,” Blount told the Journal. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

“But it was the right thing to do for the country,” he said.

Blount said Colonial paid the ransom in consultation with experts who previously dealt with the group behind the attacks, DarkSide, which rents out its ransomware to partners to carry out the actual attacks.

Multiple sources had confirmed to The Associated Press that Colonial Pipeline had paid the criminals who committed the cyberattack a ransom of nearly $5 million in cryptocurrency for the software decryption key required to unscramble their data network.

A ransom payment of 75 Bitcoin was paid the day after the criminals locked up Colonial’s corporate network, according to Tom Robinson, co-founder of the cryptocurrency-tracking firm Elliptic. Prior to Robinson’s blog post, two people briefed on the case had confirmed the payment amount to AP.

Blount told the Journal the attack was discovered around 5:30 a.m. on May 7. It took Colonial about an hour to shut down the pipeline, which has 260 delivery points across 13 states and Washington, D.C., Blount said. That helped prevent the infection from potentially migrating to the pipeline's operational controls.

The pipeline system delivers about 45% of the gasoline consumed on the East Coast, and Colonial, which is based in Alpharetta, Georgia, halted fuel supplies for nearly a week. That led to panic-buying and shortages at gas stations from Washington, D.C. to Florida.

Colonial restarted its pipeline a week ago, but it took time to resume a full delivery schedule, and the panic-buying led to gasoline shortages. More than 9,500 gas stations were out of fuel on Wednesday, including half of the gas stations in D.C. and 40% of stations in North Carolina, according to Gasbuddy.com, which tracks fuel prices and station outages.
