IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Colonial Pipeline reportedly paid $5 million ransom

Alleged payment contradicts the firm’s statement that it wouldn’t pay

Fuel pump with an "out of gas" sign on it

Colonial is said to have paid Eastern European hackers in Eastern Europe around $5 million last Friday, despite reports earlier this week stating the firm had no intention of paying the ransom to help bring the US’s largest pipeline back online.

According to Bloomberg, the Georgia-based company paid the ransom in virtually untraceable cryptocurrency. A source told Bloomberg that US government officials were also aware that Colonial paid the ransom to keep gas stations open and planes fueled in southeastern cities. The incident has caused fuel shortages in North and South Carolina, Georgia, Virginia, and Florida.

Once Colonial made the payment, the hackers sent the firm a decryption tool to fix its computer systems. However, the tool was slow to fix problems, leaving the pipeline company relying on backups to restore systems.

Spokespeople from Colonial and the US government declined Bloomberg’s request for comments.

According to the FBI, the hackers, known as Darkside, are in Eastern Europe or Russia and behind the attacks. Darkside reportedly expressed regret at the amount of damage it caused the company. The hackers said they were “apolitical” and didn’t “participate in geopolitics.”

Previous reports said that Colonial had no intention of paying the ransom. The FBI has discouraged organizations from paying ransom to cyber criminals, as there is no guarantee the hackers will provide tools to decrypt ransomed data.

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

Darren Van Booven, lead principal consultant at Trustwave and former CISO of the US House of Representatives, told ITPro that Colonial Pipeline initially said the pipeline shutdown was precautionary. 

“If the OT environment around the pipeline operations was properly segregated and secured apart from the Colonial administrative systems, then the pipeline shouldn’t have been in any danger. If the ransomware infiltrated the administrative networks only, Colonial might have been greatly impacted, but the pipeline could have continued to run,” he said.

“The alleged payment of $5M in ransom seems excessive in the situation where the pipeline wasn’t in any real danger. The OT environment could have been somehow affected due to poor security, separation of OT from IT admin systems, or otherwise.”

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

Solve cyber resilience challenges with storage solutions
Whitepaper

Solve cyber resilience challenges with storage solutions

4 Jul 2022
Storage's role in addressing the challenges of ensuring cyber resilience
Whitepaper

Storage's role in addressing the challenges of ensuring cyber resilience

4 Jul 2022
Introducing IBM Security QRadar XDR
Whitepaper

Introducing IBM Security QRadar XDR

4 Jul 2022
HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022

Most Popular

Universities are fighting a cyber security war on multiple fronts
cyber security

Universities are fighting a cyber security war on multiple fronts

4 Jul 2022
Hackers claim to steal personal data of over a billion people in China
data breaches

Hackers claim to steal personal data of over a billion people in China

4 Jul 2022
Latest LockBit ransomware strain 'strikingly similar' to BlackMatter
ransomware

Latest LockBit ransomware strain 'strikingly similar' to BlackMatter

4 Jul 2022