Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Colonial Pipeline paid $5m ransom to hacking group DarkSide after huge attack, report says

Company sent the ransom in untraceable cryptocurrency, according to the report

Danielle Zoellner
New York
Thursday 13 May 2021 11:58 EDT
Comments
The FBI names DarkSide as the hacker group behind the ransomware attack on Colonial Pipeline

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Colonial Pipeline paid nearly $5m to ransomware group DarkSide following a cyberattack that forced the company to shut down its pipeline for six days, Bloomberg reports.

Initial reports indicated that the Georgia-based company had no intention to pay the extortion fee while it attempted to restore full service to its operating system. But multiple sources told Bloomberg that Colonial Pipeline paid the hefty ransom in untraceable cryptocurrency on Friday.

The Independent has contacted Colonial Pipeline for a comment.

DarkSide, a Russian-based hacker group, was named by the FBI on Monday as being responsible for the ransomware attack that Colonial Pipeline first reported on Friday.

Typically an attack involves hackers locking up computer systems by encrypting data and paralysing networks before asking for a large ransom from the targeted company to unscramble it.

After DarkSide received payment from Colonial Pipeline, the hackers provided the operator with a decrypting tool that would restore the company’s computer network, thus allowing for pipeline services to resume, Bloomberg reports. But the company also reportedly used its own backups to restore the system due to how slowly the provided tool worked.

A decision to pay the ransom may have been due to the pressure Colonial Pipeline faced in restoring its fuel services.

This pipeline runs about 5,500 miles between Texas and New Jersey, delivering more than 100 million gallons of fuel per day to states in the Southeast.

Shutting down the pipeline for multiple days caused fuel shortages in states like North Carolina, Georgia, Virginia, South Carolina, and Florida. It also sparked an increase in gasoline prices and panic buying among residents.

Colonial Pipeline announced that it safely restarted its pipeline system on Wednesday evening, but it would likely take several days before it would return to its normal operations. People living in the impacted states have been asked to not “hoard” fuel as the company works to restore full service to the pipeline.

DarkSide appeared to express regret on Monday in a statement released on its dark web site after realising the extent of the damage caused by the Colonial Pipeline attack.

"We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives," the statement said, CNBC reports. "Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

The company boasts a Robin Hood persona by claiming it only targets large corporations that are not related to medical, educational, or government entities. Portions of the money earned by the group during these ransomware attacks are then allegedly donated to charities.

But several attacks from DarkSide have veered away from the group’s “ethical” code.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in