Colonial Pipeline evidently paid the Russia-linked hacking group DarkSide a $5 million ransom in untraceable cryptocurrency just a few hours after the attack took place on Friday in order to regain access to their network.
On Tuesday, anonymous sources told Bloomberg, Reuters, and The Washington Post the company had no intention of paying the ransom, but those claims now appear to be incorrect as they had already ponied up the demanded funds.
Even though Colonial Pipeline paid the ransom after the demand came in, it took them another six days to start restoring access to the pipeline. This is evidently because the decryption key provided by the hackers was so slow that the company was forced to use its own backups to get back online more quickly. It gives the appearance that DarkSide intentionally meant to draw out the crisis as long as possible even though they got what they wanted. Because of the delay, severe gas shortages, panic buying, hoarding, and general chaos have been triggered across numerous states.
Even with the restart, as of Thursday morning, 71 percent of gas stations in North Carolina are without gas, as are half the stations in Florida, D.C., South Carolina, Virginia, and Georgia. Colonial Pipeline supplies an estimated 45 percent of the fuel consumed on the East Coast.
Needless to say, many critics blasted Colonial Pipeline for setting a dangerous precedent by paying the ransom:
The United States government should have stepped in and stopped this ransom payment in the interest of national security. The potential implications of hackers around the world knowing they can get rich by attacking our critical infrastructure are absolutely frightening. https://t.co/WUkX7wVY7b
— Jesse Kelly (@JesseKellyDC) May 13, 2021
I don’t care if Colonial Pipeline is a private company. They are engaged in the interstate transportation of fuel; a service of critical interest to the public. The Feds should’ve stepped in immediately. Instead, the company paid a $5 mil ransom. Hackers are watching.
— Eric Matheny 🎙 (@EricMMatheny) May 13, 2021
This sets a terrible precedent & will undoubtedly inspire future hacks. The public needs to know the role, if any, the federal govt had in allowing this ransom to take place. https://t.co/viiwHrZoWW
— Alyssa Farah (@Alyssafarah) May 13, 2021
White House Press Secretary Jen Psaki conveniently argued that because Colonial is a private company, paying the ransom was none of the government’s business.
On companies paying ransom in cyber attacks, @PressSec Jen Psaki: "It's the recommendation of the FBI to not pay ransom in these cases …because it can incentivize similar attacks." But "private sector entities or companies are going to make their own decisions." pic.twitter.com/wE1GhxlQrQ
— Jennifer Jacobs (@JenniferJJacobs) May 13, 2021
It’s being predicted that the outages will spread from New Jersey to Mississippi and that over 10,000 gas stations will be offline. The national average price of a gallon of gas is now $3.028, and in some places it is reportedly $7 a gallon.
It will take a number of days for the 5,500-mile pipeline to return to normal, according to Colonial. Full functionality could take as long as two weeks. Reports of massive lines are coming in, with some lines allegedly reaching over 100 cars long.
Reportedly, gas travels through the pipeline at five miles an hour. That means that once the pipeline is restored, it would take two weeks for gas to travel from the Texas refining hub to New York. Jet fuel and diesel will take even longer.
Colonial Pipeline released a statement on Thursday: “By mid-day today, we project that each market we service will be receiving product from our system.”
We just got off the phone with #ColonialPipeline CEO. They are restarting pipeline operations today at ~5pm. More soon.
— Secretary Jennifer Granholm (@SecGranholm) May 12, 2021
Analyst Patrick De Haan from GasBuddy expects the shortages to get even worse over the next two days before turning around. He tweeted: “While the Colonial Pipeline is restarting, the [gas station] outage numbers may drift higher over the next 48 hours before then beginning to fall.”
When the cyberattack took place, it put a halt to roughly 2.5 million barrels per day of shipments of jet fuel, diesel, and gasoline. The pipeline is called the “jugular” of America’s infrastructure for good reason. This has become a national security issue.
The company is also warning of “intermittent service interruptions during the start-up period.”
The company has opened portions of the line manually in the Carolinas, Georgia, Maryland, and New Jersey.
Colonial says they are working with cybersecurity experts in their investigation of the attack. They are also taking additional security measures as they restart the system.
A forensic report stated that the “most likely culprit” within the company’s IT infrastructure was its vulnerable Microsoft Exchange services, as reported by New York Times reporter Nicole Perlroth. There were a number of other issues, which researchers characterized as an overall “lack of cybersecurity sophistication.”
Interesting forensic finding on Colonial Pipeline: They were STILL using a vulnerable version of Microsoft Exchange (the same systems exploited by Chinese hackers that was revealed in March), among other notable lapses. Per Coalition. pic.twitter.com/TvsEN8S3Ew
— Nicole Perlroth (@nicoleperlroth) May 11, 2021