Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, two people familiar with the transaction said, contrary to reports earlier this week that the company did not want to pay the ransom to help restore the country's largest fuel pipeline.
The company paid the large ransom in cryptocurrency just hours after the attack, underscoring the huge pressure the Georgia-based operator faced to get petrol and jet fuel flowing again to major cities on the East Coast. A third person said US government officials were aware that Colonial had made the payment.
Once they received the money, the hackers provided the operator with a decryption tool to restore its disabled computer network. The tool was so slow that the company relied on its own backups to help restore the system, said one of those familiar with the company's efforts.
A spokesman for Colonial declined to comment, as did a spokesman for the National Security Council.
The FBI said the hackers are linked to a group called DarkSide, which specializes in digital extortion and is believed to be based in Russia or Eastern Europe.
On Wednesday, media outlets including the Washington Post and Reuters reported that the company had no immediate intention of paying the ransom. Those reports were based on anonymous sources.
Ransomware is a type of malware that locks the victim's files, which the attackers promise to unlock in return for payment. More recently, some ransomware groups have also been stealing victims' data and threatening to release it if they do not pay, a form of double extortion.
Deputy National Security Adviser Anne Neuberger acknowledged that sometimes companies have no choice but to pay: "However, if companies encrypt their data, we recognize that they are often in a difficult position. Data cannot be retrieved."
The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee that they will keep their promises to unlock files. Paying also gives others an incentive to become hackers, the agency says. Such guidance presents a problem for victims, who have to weigh the risks of non-payment against the costs of lost or disclosed records.
According to a report released by the Ransomware Working Group last month, the amount paid by ransomware victims increased by 311 percent in 2020, reaching about $350 million in cryptocurrency. The report states that the average ransom paid by companies in 2020 was $312,493.
Colonial, which operates the largest fuel pipeline in the United States, learned of the hack on May 7 and halted its operations, leading to fuel shortages and lines at gas stations along the East Coast.