According to new reports, Colonial Pipeline paid almost $5m to the hackers behind the massive cyberattack on its systems last week. This is contrary to previous statements denying the company had paid a ransom.

Two sources familiar with the transaction told Bloomberg that the company paid the money in cryptocurrency within hours of the breach last Friday. Several news outlets, though, had previously reported that the business wasn’t planning to pay the digital extortionists.

While the Eastern European-based crooks believed to be behind the hack provided Colonial Pipeline with a decryption tool to regain control of its systems, the solution was apparently so sluggish that the company still had to rely on its own backups to get things up and running.

On Wednesday, Colonial Pipeline resumed operations of its main pipeline, which carries 45% of the East Coast’s diesel, petrol and jet fuel supply. It noted in a statement that it will take “several days for the product delivery supply chain to return to normal.”

The company had first taken its IT systems offline on Friday 7 May after the systems were infected with ransomware.

Ransomware is a kind of malware that takes control of data, files and systems away from the owner. Cybercriminals usually use it to extort massive ransoms in exchange for returning control of the system. Cybersecurity experts – including the FBI – usually advise against paying the extortion fees.

The FBI confirmed that ransomware rented out by the cybercrime group DarkSide was responsible for the shutdown. DarkSide essentially works as a rent-a-cybercrime group, where it creates software and infrastructure that it then rents out to other criminals for a cut of the earnings.

The ransomware-as-a-service group does not target systems where the language is set to Russian, and it also avoids attacking former Soviet states.

In a statement posted on Monday, DarkSide appeared to point the blame at one of its affiliates, saying its “goal is to make money and not creating problems for society” and that it was “apolitical”.

Russia has denied any involvement in the hack. The White House has officially stated that it doesn’t believe the Kremlin is involved.