News / Politics

US Colonial Pipeline says paid millions in ransom to hackers to restore pipeline

Thursday, 20 May 2021 6:31 AM [ Last Update: Thursday, 20 May 2021 6:32 AM ]

US gas stations begin to run out of gasoline after motorists rushed to fill up on May 11, 2021 in Atlanta, Georgia, US. (Photo by AFP)

US Colonial Pipeline says it has paid $4.4 million in ransom to hackers after a major cyberattack as it was not sure how long it would take to restore the pipeline and how badly its systems were breached.

The company’s CEO, Joseph Blount, told the Wall Street Journal he recognized the payment was a "highly controversial decision," but that it was a necessary action given the debilitating impact of the multi-day shutdown on the United States.

"I will admit that I wasn't comfortable seeing money go out the door to people like this," Blount said, adding that he paid the extortion money for the greater good.

He said the ransom payment was made on May 7 hours after the devastating cyberattack that blocked Colonial’s access to its computer systems.

The rapid payment, however, couldn’t prevent the shutdown of the 5,500-mile (8,850-km) Colonial Pipeline. The hack provoked a gas crisis on the East Coast as the shutdown prevented millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

The cyberattack left thousands of gas stations without fuel across the Southeast, shooting gas prices to a seven-year high.

The national gas price rose this week to $3.045 a gallon, the highest since October 2014 as many areas were still recovering from last week's shutdown of Colonial Pipeline, the United States' largest fuel pipeline network.

Cyberattack that shut major pipeline exposes vulnerabilities in America’s energy infrastructure

A cyberattack that shut the largest US gasoline pipeline has highlighted vulnerabilities in America’s critical energy infrastructure.

The pipeline's shutdown also prompted panic buying in the eastern United States that caused 90% of fuel stations in Washington, DC, to run out. Outages in North Carolina fell to about 50%, while shutdown in South Carolina, Georgia and Virginia were under 50%, GasBuddy said.

The closure, which has been the most disruptive cyberattack on record, came just ahead of the Memorial Day holiday weekend at the end of May, the traditional start of peak-demand summer driving season.

DarkSide, the group blamed for attacking Colonial Pipeline systems, has said it recently hacked four other companies. A website it used to communicate went dark last week.

The payment was made as a source working with Colonial and the government on the hack response and private sector security sources had said last week that Colonial was not planning to pay the ransom.

After making the ransom payment on the night of May 7, Colonial Pipeline received a decryption tool from the hackers. The ransom payment was made in bitcoin, US media said.

Blount also said while the pipeline's flow has returned to normal, the episode will cost Colonial tens of millions of additional dollars to completely restore the operations over a matter of months.

The Colonial's ransom payment underlines the dilemma facing American companies whose networks have been compromised by online extortionists.

US officials and the FBI have discouraged companies from paying, but the US companies can be completely paralyzed by hackers with potentially far-reaching consequences in cases like Colonial's.

Paying ransoms have also allowed cash-rich cybercriminals to move on to an increasing number of targets.

US President Joe Biden signed an executive order last week to bolster cybersecurity after the pipeline hacking that caused severe gas shortage and panic buying on the US East Coast.

Over the past year, some 2,400 ransomware attacks have hit American corporate, local and federal offices in extortion plots that lock up victims’ data.

Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, said recent cyberattacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”