Colonial Pipeline paid Eastern European hackers nearly US$5 million in ransom

The company paid the extortion fee in untraceable cryptocurrency within hours after the cyberattack

Colonial Pipeline became aware of the hack around May 7 and shut down its operations, which led to fuel shortages along the East Coast

Reading Time:3 minutes

Colonial Pipeline became aware of the hack around May 7 and shut down its operations, which led to fuel shortages along the East Coast. Photo: TNS

Published: 11:40pm, 13 May 2021Updated: 7:44pm, 14 May 2021

Colonial Pipeline Co. paid nearly US$5 million to Eastern European hackers last week, contradicting reports that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get petrol and jet fuel flowing again to major cities along the Eastern Seaboard, those people said.

A third person familiar with the situation said US government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

They had to pay. This is a cyber cancer. You want to die or you want to live?

Ondrej Krehel, CEO of digital forensics firm LIFARS

A representative from Colonial declined to comment, as did a spokesperson for the National Security Council. Colonial said it began to resume fuel shipments around 5pm Eastern time on Wednesday.

The hackers, which the FBI said are linked to a group called DarkSide, specialise in digital extortion and are believed to be located in Russia or Eastern Europe.