Colonial Pipeline, the US operator of fossil fuel distribution infrastructure last week, may have paid a $5m ransom to the ransomware operators within hours of being locked out of critical systems, according to reports. According to anonymous sources close to the incident, in an anonymous cryptocurrency and received the decryption tool. However, this tool allegedly worked so slowly that the from backups, which somewhat negated the point of paying.
infrastructure are understood to have resumed on Wednesday, 12 May. According the resumption of operations was delayed because the ransomware attack hit the firm’s billing system. Therefore, it was forced to shut off supplies because it could not guarantee its customers would pay.
Bloomberg, the first to report the apparent payment, also said the US government was aware a ransom had been paid. At the time of writing, Colonial Pipeline’s security partner Imperva is blocking legitimate access to its website from outside the US using its. It has, therefore, not been possible at the .
Armis’ European cyber-risk officer, Andy Norton, said: “I don’t think we are at the end of this story; there is no clear winner here. DarkSide may have been paid $5m to destroy the data they hold and unencrypt the affected files, but in doing so, they became a in future US and Russia dealings.
“DarkSide knows it is public enemy number one right now, even about the collateral damage to their attack [and] other criminal affiliates will be trying to distance themselves from DarkSide, to avoid getting rolled up in the future investigations,” he said. “If there is a loser, it’s the , who now have to cover the costs.”
Robert Golladay, EMEA and APAC director at said the fact that Colonial Pipeline may have had insurance against ransomware could have been a factor in why it was targeted. “Hackers are figuring out who is insured, which tells them the company has valuable assets and will be in a position to pay,” he said.
“As we see in the Colonial attack, instances of ransomware are. This type of , scales, is predictable, and is a way for attackers to make easy money. Some criminal enterprises, like DarkSide, are funneling the money back into the tools they are using.”
Unconfirmed reports have emerged today (Friday, 14 May) that the DarkSide ransomware infrastructure has been, possibly in a law enforcement response.