Posted on May 20, 2021 at 7:34 PM
Colonial Pipeline Says It Made $4.4 Million Ransom Payment To Recover Data
Joseph Blount, Chief Executive Officer of Colonial Pipeline, which recently suffered a ransomware attack, admitted that the company paid a $4.4 million ransom.
According to Blount, the payment was made in Bitcoin on May 7 to recover the company's encrypted data from the threat actors.
Colonial Pipeline received a decryption tool after payment
After the payment, the threat actors sent a decryption tool for Colonial Pipeline to retrieve its data. However, the tool was not enough to completely restore the pipeline's systems.
A company spokesperson stated that the decision was made quickly after the ransomware attack earlier this month, because the company had to do everything within its power to restore its systems and return to full operation as soon as possible.
“The decision was made to pay the ransom,” the spokesperson stated, adding that even though the decision wasn’t easy, the company thought it was the right decision.
The spokesperson pointed out that Colonial Pipeline is highly critical to the economy. It is the largest fuel pipeline in the country, and millions of Americans rely on its services, including airports, fire departments, law enforcement agencies, emergency medical services, and hospitals.
Blount stated that paying the ransom was the "right thing to do for the country," even though law enforcement has advised against it.
He added that it took a long debate before the company unanimously decided to meet the ransomware gang's demands.
The ransom payment was authorized so that the company could restart the system safely and quickly, as any further delay would cause untold hardship to users.
The ransomware attack forced the company to shut down 5,500 miles of its pipeline, which spans multiple states.
Blount also stated that he authorized the ransom payment because the company did not know the extent of the damage the intrusion had caused to other systems and was not sure how long it would take to restore the systems completely.
The ransomware attack has already started causing disruption: the price of gas rose suddenly, fuel stations saw temporary queues, and states of emergency were declared in some states.
U.S. security agencies warn against ransom payments
The FBI and other U.S. law enforcement agencies generally advise organizations not to give in to any demand by threat actors for ransom payments.
Some international sanctions have also been imposed on such payments as a means of discouraging and preventing similar attacks in the future. The argument is that more threat actors will enter the ransomware business if they see that it pays.
While Colonial Pipeline's concern is with its present situation, the security agencies are more worried about the future implications of ransomware payments.
Also, the victimized organization had no assurance that the stolen files would be decrypted after the ransom was paid. In some cases, the ransom was paid but the company's files later appeared on the dark web. As security experts have noted, some of the stolen data circulating on the darknet came from companies that had previously paid a ransom for it.
But many organizations have ignored the security agencies' advice and proceeded to meet the hackers' demands. Even many government organizations have been known to pay a ransom, especially if the stolen database contains highly critical data.
Colonial Pipeline says it had no other option
In the case of Colonial Pipeline, the company said it explored other options but realized that the only possible way to get its data back in the shortest possible time was to pay the ransom.
Once the threat actors infiltrate a database, they encrypt it immediately, making it difficult for the owners to access.
"I know that's a highly controversial decision, but it was the right thing to do for the country," Blount said in explaining the ransom payment.
He also said the company consulted experts who have had experience with the DarkSide group responsible for the attack. The gang disbanded last week after making $90 million in Bitcoin from its victims within a year.
Multiple sources have also confirmed Colonial Pipeline's ransom payment. According to crypto-tracking firm Elliptic, a payment of 75 Bitcoin was made the day after the hackers locked Colonial Pipeline out of its database.