Colonial paid hackers almost $5M in ransom: report

Colonial Pipeline paid almost $5 million in ransom to hackers last Friday despite reports that said the company had no intention of paying, Bloomberg news reported.

Sources familiar with the matter told Bloomberg that the company paid in untraceable cryptocurrency within hours after the attack. After the hackers received the payment, they provided the operator with a decrypting tool to restore its computer network.

However, one of the people said the tool was so slow that the company continued to use its own backups to help restore its system.

Colonial declined to comment to The Hill.

President Biden declined to comment when asked by a reporter on Thursday whether he was briefed on the company’s decision to pay the ransom.

Colonial Pipeline projected on Thursday that it would resume deliveries to normal by midday after being forced to shut down 5,500 miles of pipeline to contain Friday’s breach.

The breach led to panic-buying of gas across areas of the East Coast that were affected despite the White House warning against such actions.

The hackers are thought to be part of the criminal gang DarkSide, which prides itself on taking from corporations and giving some to charities.

The Washington Post reported on Wednesday that Colonial had no plans to pay the ransom but was working to restore data from the backup system. The company was working with cybersecurity firm Mandiant in helping restore some of the encrypted data.

Organizations often have to pay millions more than the ransom to recover if they choose not to pay hackers, which involves replacing entire IT systems and takes weeks.

But cybersecurity experts generally warn against paying ransom because there’s no guarantee that the files will be unlocked.

White House press secretary Jen Psaki declined to confirm to reporters on Thursday that the company paid the ransom but reiterated the position of the FBI that private sector companies should not pay the ransom because it “incentivizes” such attacks. She urged companies to learn from the attack by hardening their cybersecurity.

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, said at an event at George Washington University that the agency recommended against paying the ransom.

But he deferred questions on whether Colonial actually paid the ransom to the company.

“We recommend against paying the ransom, because it just feeds the business model,” Wales said. “I cannot confirm or deny whether Colonial paid the ransom, only Colonial would be able to answer that question.”

Rachel Frazin, Maggie Miller and Morgan Chalfant contributed.

Updated at 1:02 p.m.