Colonial Pipeline reportedly paid the hackers nearly $5 million, despite suggestions to the contrary

After a devastating and deeply embarrassing cyberattack on one of the United States' largest fuel pipelines, one that forced many gas stations to shut down and reportedly saw average national gas prices rise above $3 for the first time since 2014, the fuel is flowing again. But Bloomberg is reporting that Colonial Pipeline had to pay a nearly $5 million ransom to get there, and that it paid that ransom within mere hours of the attack.

That's striking, because it's the opposite of what Reuters, CNN and others reported in the wake of the attack. "Sources familiar with the company's response," a phrase often used when a company doesn't want to be named, suggested the company had no plans to pay the hackers. CNN's sources insisted Colonial Pipeline had not yet paid the ransom, and would probably not need to pay, suggesting it had already managed to retrieve the most important stolen data with help from the US government.

It's also a little worrying, because of how a successful ransom payment might encourage hackers in the future. Over the years, we've heard reports of smaller companies and local government entities paying ransoms to regain access to their computers, but this is perhaps one of the most high-profile examples of ransomware yet, and the news might inspire copycats.

On the plus side, a digital forensics expert who spoke to Bloomberg suggested that $5 million isn't a particularly large sum of money for something like this: "Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response," LIFARS CEO Ondrej Krehel told the publication. On Monday, the Colonial Pipeline hackers apologized for the "social consequences" and promised to ransom less controversial targets in the future.

It's not clear which parts of Colonial Pipeline's network were at risk: a spokesperson suggested there was no evidence the company's operational systems were compromised, while CNN had three sources yesterday say that the pipeline shut down because its billing system was affected and the company wasn't sure it'd be able to charge properly for fuel. Reporting by cybersecurity journalist Kim Zetter suggests the decision was likely more complicated than that, as other entities in the fuel distribution system were also worried the ransomware could spread to their computers.

Yesterday, President Biden signed an executive order aimed at improving national cybersecurity, with the White House specifically naming the Colonial Pipeline, the SolarWinds hack, and the Microsoft Exchange server vulnerabilities as the kinds of infrastructure failures the government hopes to address.

Colonial Pipeline began resuming operations on Wednesday evening, with President Biden saying it "should be reaching full operational capacity as we speak" in a briefing early Thursday afternoon. Fuel supplies should be seeing a "region-by-region return to normalcy" beginning this weekend, he says.

Still, he warns, "this is not like flicking on a light switch. This pipeline is 500,000 miles long, it had never been shut down in its history… it's going to take some time, and there may be some hiccups along the way here."

Biden says the US isn't blaming Russia directly: "We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia," he says.

He also announced a specific measure against ransomware: "Our Justice Department has launched a new task force dedicated to prosecuting ransomware hackers to the full extent of the law."

President Biden declined to comment on whether Colonial Pipeline paid the ransom.
