Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

The payment clears the way for gas to begin flowing again, but it risks emboldening other criminal groups to take American companies hostage by seizing control of their computers.

By Michael D. Shear, Nicole Perlroth and Clifford Krauss

WASHINGTON — The operator of a critical fuel pipeline on the East Coast paid extortionists roughly 75 Bitcoin — or nearly $5 million — to recover its stolen data, according to people briefed on the transaction, clearing the way for gas to begin flowing again but complicating President Biden’s efforts to deter future attacks.

Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. DarkSide is believed to operate from Eastern Europe, possibly Russia.

The company pre-emptively shut down its pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, setting off a cascading crisis that forced some airlines to make fuel stops on long-haul flights and led to emergency meetings at the White House, a jump in gas prices and panic buying at gas pumps.

With Republicans blaming Mr. Biden for soaring fuel prices and scenes of panicked motorists swarming gas stations, the president on Thursday embraced news that the 5,500-mile pipeline was resuming service. But he cautioned it would take time to resolve shortages and warned gas stations not to engage in price gouging.

“They should be reaching full operational capacity as we speak, as I speak to you right now,” Mr. Biden said in remarks from the Roosevelt Room. “That is good news. But we want to be clear: We will not feel the effects at the pump immediately. This is not like flicking on a light switch.”

Mr. Biden did not rule out the possibility that the administration would target the criminals with a retaliatory strike, saying that the United States would pursue “a measure to disrupt their ability to operate.”

Jen Psaki, the White House press secretary, said the administration was waiting for recommendations from the United States Cyber Command.

On Thursday, eight websites associated with DarkSide were pulled offline. It was not immediately clear why. Cyber Command referred questions to the National Security Council, which declined to comment.

The ransom issue underscores a dilemma for the president as his administration confronts an increasing number of cyberattacks against government and industry. The company’s decision to pay the ransom may help Mr. Biden stanch the political fallout from rising gas prices and long lines at the pumps, but it emboldens other criminal groups or rogue states to take American companies hostage by seizing control of their computers.

Mr. Biden declined to answer whether Colonial had paid its extortionists. Ms. Psaki said it remained the “position of the federal government” not to pay ransoms because the money can encourage criminals to conduct more attacks. She refused to criticize Colonial by name, saying it was “not constructive” to single out any particular company.
