Colonial Pipeline paid $5m ransom to hacking group DarkSide after huge attack, report says

Colonial Pipeline paid nearly $5 million to ransomware group DarkSide following a cyberattack that forced the company to shut down its pipeline for six days, Bloomberg reports.

Initial reports indicated that the Georgia-based company had no intentions to pay the extortion fee while it attempted to restore full service to its operating system. But multiple sources told Bloomberg that Colonial Pipeline paid the hefty ransom in untraceable cryptocurrency on Friday.

The Independent has contacted Colonial Pipeline for a comment.

DarkSide, a Russian-based hacker group, was named by the FBI on Monday as being responsible for the ransomware attack that Colonial Pipeline first reported on Friday.

Typically an attack involves hackers locking up computer systems by encrypting data and paralysing networks before they then ask for a large ransom from the targeted company to unscramble it.

After DarkSide received payment from Colonial Pipeline, the hackers provided the operator with a decrypting tool that would restore the company’s computer network, thus allowing for pipeline services to resume, Bloomberg reports. But the company also reportedly used its own backups to restore the system due to how slow the provided tool worked.

The decision to pay the ransom was likely due to the pressure Colonial Pipeline faced in restoring its fuel services.

This pipeline runs about 5,500 miles between Texas and New Jersey, delivering more than 100 million gallons of fuel per day to states in the Southeast.

Shutting down the pipeline for multiple days caused fuel shortages in states like North Carolina, Georgia, Virginia, South Carolina, and Florida. It also sparked an increase in gasoline prices and panic buying among residents.

Colonial Pipeline announced that it safely restarted its pipeline system on Wednesday evening, but it would likely take several days before it would return to its normal operations. People living in the impacted states have been asked to not “hoard” fuel as the company works to restore full service to the pipeline.

DarkSide appeared to express regret on Monday in a statement released on its dark web site after realising the extent of the damage caused by the Colonial Pipeline attack.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said, CNBC reports. “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

The company boasts a Robin Hood persona by claiming it only targets large corporations that are not related to medical, educational, or government entities. Portions of the money earned by the group during these ransomware attacks are then allegedly donated to charities.

But several attacks from DarkSide have veered away from the group’s “ethical” code.

Source

You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes