May 13, 2021

Colonial Pipeline said to have paid almost $5m to its hackers

By Eric Johansson

According to new reports, Colonial Pipeline paid almost $5m to the hackers behind the massive cyberattack on its systems last week. This is contrary to previous statements denying the company had paid a ransom.

Two sources familiar with the transaction told Bloomberg that the company paid the money in cryptocurrency within hours of the breach last Friday. Several news outlets, though, had previously reported that the business wasn’t planning to pay the digital extortionists.

While the Eastern European-based crooks believed to be behind the hack provided Colonial Pipeline with a decryption tool to regain control of its systems, the solution was apparently so sluggish that the company still had to rely on its own backups to get things up and running.

On Wednesday, Colonial Pipeline resumed operations of its main pipeline, which carries 45% of the East Coast’s diesel, petrol and jet fuel supply. It noted in a statement that it will take “several days for the product delivery supply chain to return to normal.”

The company had first taken its IT systems offline on Friday 7 May after the systems were infected with ransomware.

Ransomware is a kind of malware that takes control of data, files and systems away from their owner. Cybercriminals usually use it to extort massive ransoms in exchange for returning control of the system. Cybersecurity experts – including the FBI – usually advise against paying the extortion fees.

The FBI confirmed that ransomware rented out by the cybercrime group DarkSide was responsible for the shutdown. DarkSide essentially works as a rent-a-cybercrime group, where it creates software and infrastructure that it then rents out to other criminals for a cut of the earnings.

The ransomware-as-a-service group does not target systems where the language is set to Russian, and it also avoids attacking former Soviet states.

In a statement posted on Monday, DarkSide appeared to point the blame at one of its affiliates, saying its “goal is to make money and not creating problems for society” and that it was “apolitical”.

Russia has denied any involvement in the hack. The White House has officially stated that it doesn’t believe the Kremlin is involved.
