Colonial Pipeline paid the hacker group DarkSide nearly $5 million in ransom to get its systems operational again. The money was paid through an untraceable cryptocurrency, and reports say that it was paid almost immediately after the attack. DarkSide gave Colonial Pipeline a slow-acting decryption tool to restore its systems after payment was rendered. The slow nature of the tool is probably what caused the pipeline to be down as long as it was.
According to multiple news outlets, Colonial Pipeline was hacked with “ransomware”, a type of malicious software that prevents the operation of a computer and/or computer system. This event happened back on May 7th, and Colonial announced that its pipeline was back online on May 13th. Almost a full week of disruption for a pipeline that provides 45% of the Eastern Seaboard and South’s gas at the pump is a serious thing. Colonial Pipeline also provides jet fuel. Flights out of Charlotte that would normally fly on straight-shot flights had to stop once or twice to refuel.
Companies are normally discouraged from paying hackers to remove ransomware for a few reasons. First of all, there is no guarantee that the group claiming responsibility for the attack will follow through on its promise to remove the ransomware. Then there is the emboldening of such groups. DarkSide says they already have three new victims. And of course, there will be copycats who try to cash out by exploiting the weaknesses of companies and organizations. Sometimes, even individual people become targets of ransomware. In 2020, about $350 million in ransom was paid to hacker groups, with the average payout being around $300,000.
Colonial Pipeline may have performed a simple risk/reward analysis. If they refused to pay the hackers, then they could have had the ransomware removed with the help of the US Government and “white-hat” (good) hackers. But the problem is that this could have taken a very long time to resolve. And it only took about three days of the pipeline being down for over 1,000 gas stations to report severe gas shortages or gas outages. A longer outage would have cost the company a lot, both reputation-wise and in actual money. A report says that Colonial failed to upgrade its system to make it more secure. That could have led to a huge fine from the Federal Government if things got really bad.
Although the pipeline is back up and running, there will still be gas shortages for a few more days until the supply chain returns to normal. Gas trucks need to fill up and deliver the gas to all of the gas stations that are out. And there are only a certain number of gas trucks and gas truck drivers to go around. This means there is a backlog to clear before everyone is back to normal. Gas hoarders may still be on the loose due to the fear that the media has stoked, so that will also add to the time that gas stations will need to get back to normal.
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom – Bloomberg
Colonial Pipeline Restarts Operations As Biden Seeks To Protect Government From Cyber Attacks
Charlotte flights impacted by Colonial Pipeline attack
Ransomware gangs made at least $350 million in 2020 | ZDNet
DarkSide, hacker group behind pipeline attack, claims three new victims
Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags | Threatpost
Colonial Pipeline paid $5m ransom to hacking group DarkSide after huge attack, report says | The Independent