The operator of the nation’s largest fuel pipeline confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems.
Colonial Pipeline said Wednesday that after it learned of the May 7 ransomware attack, the company took its pipeline system offline and needed to do everything in its power to restart it quickly and safely, and made the decision then to pay the ransom.
“This decision was not made lightly,” but it was one that had to be made, a company spokesman said. “Tens of millions of Americans rely on Colonial hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public.”
The situation with Colonial Pipeline is further complicated by the fact that the Colonial Pipeline Company itself was responsible for the shutdown. CEO Joseph Blount tells the Journal that its operational systems weren’t directly impacted, but it shut down the critical energy infrastructure so that it could determine how far hackers reached into its system. Before today’s confirmation, both CNN and cybersecurity reporter Kim Zetter suggested hackers specifically had access to the company’s billing system, rather than direct control over the pipeline itself.
DarkSide, the hackers responsible for the attack, were also oddly apologetic that their ransomware caused so much trouble, even though they ultimately got what they wanted. “Our goal is to make money and not creating problems for society,” the group wrote in a statement. Still, fuel shortages followed, and Colonial Pipeline said it just got back to normal operations on May 15th. Blount tells The Wall Street Journal the work to rebuild its business system is ongoing, though — it’s still unable to bill customers after the outage.
