Colonial Pipeline pays $4.4m ransom to cyber criminals

The ransomware attack on the 2.5 million barrels per day pipeline endangered access to fuel for the US East Coast

The cyber security market is forecast to be worth $363.05 billion over the next five years, according to Mordor Intelligence. Getty
Powered by automated translation

Colonial Pipeline, which suffered a major cyber attack that caused fuel shortages and price increases across the US this month, paid $4.4 million to the criminal group to regain control of its systems.

Joseph Blount, chief executive of the company, told the Wall Street Journal that he approved the ransom payment because his employees did not know how badly the attack had breached the systems and how long would it take to bring the pipeline back in action.

"I know that's a highly controversial decision … I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this. But it was the right thing to do for the country," Mr Blount told the WSJ.

The ransomware attack on the 2.5 million barrels per day Colonial Pipeline endangered access to fuel for the US East Coast.

The pipeline, which was built in the 1960s, snakes across a distance of 8,850 kilometres and carries products sufficient to meet the total consumption of Germany – Europe’s largest economy and the world’s fourth-biggest.

The company realised that its systems were compromised on May 7, when an employee found a ransom note from hackers on a control-room computer.

"We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that's not the case any more ... everybody in the world knows," said Mr Blount.

Colonial paid the criminal group in cryptocurrency and in return, it got a decryption tool to unlock the compromised systems.

Mr Blount estimated that the attack will ultimately cost the company tens of millions of dollars.

DarkSide, the criminal group identified by the FBI for being behind the ransomware attack on the Colonial Pipeline, said its aim was to "make money" but not create problems for society.

DarkSide, which follows the ransomware-as-a-service model – meaning it sells or leases ransomware to others to carry out attacks – reportedly shut down due to the “pressure” from the US government after the incident.