Colonial Pipeline paid the attackers about 75 bitcoins (about $5 million) to recover the stolen data, according to people who were briefed on the deal.
The payment was made last week after cybercriminals' ransomware disrupted Colonial Pipeline's business network. Ransomware is a type of malware that encrypts data until the victim pays; the attackers also threatened to publish the data online. Colonial Pipeline shut down pipeline operations preemptively to prevent the ransomware from spreading and because, with its business and accounting networks offline, it had no way to bill customers.
The shutdown of the company's 5,500-mile pipeline, which supplies nearly half of the East Coast's gas, diesel and jet fuel, set off a chain of crises that led to an emergency meeting at the White House, soaring gas prices and hoarding at gas pumps, and forced some airlines to stop for fuel on long-haul flights.
The ransom payment was first reported by Bloomberg. A Colonial spokeswoman refused to confirm or deny that the company paid the ransom.
President Biden also declined to say at a press conference Thursday whether Colonial Pipeline had paid the attackers. He did not rule out the possibility that the administration would target the cybercriminals, a ransomware outfit called DarkSide, with retaliatory attacks. He said the United States would pursue “measures to disrupt their ability to operate.”
“It is the FBI’s recommendation not to pay the ransom in these cases,” White House spokeswoman Jen Psaki said at another briefing. Paying can motivate cybercriminals to carry out more attacks. “A private sector entity or company will make its own decisions,” she added.
It took Colonial a few days to bring the pipeline back online. Authorities said the process would take some time. Mr. Biden advised Americans not to buy up gas and warned gas companies to refrain from cutting prices.
“It’s not like flicking a lamp switch,” he said, noting that the Colonial pipeline had never been shut down before.
Colonial has not shared much detail about the incident or why the pipeline needed to be shut down. At other operators, pipelines are isolated from business operations for safety reasons. Cybersecurity experts say the attack and its consequences indicate a lack of cyber resilience and planning.
Cybersecurity journalist Kim Zetter first reported that Colonial shut down the pipeline partly because its billing system went offline and there was no way to charge customers.
Many organizations across the United States, including police stations, have opted to pay ransomware attackers rather than suffer the loss of critical data or pay the cost of rebuilding computer systems from scratch.
In another ransomware attack, on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of data online, including a database that tracks gang members and social media preservation requests.
“This is an indicator of why we should pay,” a cybercriminal called Babuk said in an online post. “The police also wanted to pay us, but we found that the amount was too small. Look at this wall of shame,” they wrote. “Just pay us!”