Colonial Pipeline CEO confirms $4.4 million ransomware payment

Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations.



The CEO of Colonial Pipeline confirmed that he authorized a $4.4 million ransom payment to hackers to get the critical energy artery operating again after it was closed to prevent malicious software from spreading through its systems.

In a Wall Street Journal article published Wednesday, Joseph Blount acknowledged the decision was “controversial” but said it was in the country’s best interest to get the pipeline running again. The company paid about 75 bitcoin in exchange for decryption software, the paper reported. 

“I didn’t make it lightly,” Blount said of the payment in his first remarks since the hack. “I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

Colonial Pipeline, which shut down after the ransomware attack two weeks ago, has said its entire system has resumed normal operations, relieving concerns of a gas shortage along the East Coast of the US. The company delivers 100 million gallons of fuel a day.

Colonial closed its operations on May 7, when a ransomware infection was found on its computer systems. The shutdown affected the supply of gas in parts of the East Coast, with some people waiting an hour or more at filling stations or not finding gas at all. State and federal officials had warned against hoarding and panic buying that could exacerbate the problem.

The ransomware infection at Colonial highlighted the vulnerability of the country’s critical infrastructure, which has been the target of an increasing number of cyberattacks. Cities, schools and hospitals have all been hit by cybercriminals, who scramble a victim’s computers and then extort a payment to decrypt them.


The FBI blamed the attack on a group called Darkside, which is believed to be based in Russia. President Joe Biden said the FBI doesn’t believe the Russian government itself was involved in the attack. 

Darkside’s website has gone offline and the group is disbanding.

On May 12, Biden issued an executive order aimed at strengthening US cybersecurity. The wide-ranging action includes the creation of a Cyber Safety Review Board that will convene after major incidents. Members of the Defense and Justice departments, several security agencies and private sector specialists will be on the board.

Here’s what you need to know about the hack.

What happened?

Colonial Pipeline was hit with a ransomware attack. Bloomberg reported the hackers began their hack on May 6 by stealing about 100 gigabytes of data in a double extortion scheme that holds the data hostage and threatens to leak it. The company shut some of its operations after discovering malicious software in order to prevent it from spreading.


What’s a ransomware attack?

Hackers use ransomware — a type of malware — to scramble a company’s computer data and hold it hostage until a ransom is paid. Sometimes they employ a double extortion scheme by pilfering data and threatening to publish it.

What was Colonial’s immediate response?

The company, which operates pipelines for gasoline, jet fuel and other refined petroleum products, halted pipeline operations after discovering the hack. Colonial said it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems.”

Colonial services seven airports and operates in 14 states. Its system is the biggest in the US, the company says, covering more than 5,500 miles. A legend on the company’s tanks, which are featured on its website, reads “America’s Energy Lifeline.”

Who’s behind the attack?

The FBI blamed Darkside, a ransomware group, for the attack. The law enforcement agency said it was notified of the hack on May 7 and is investigating alongside the company and other government agencies.

As of May 14, the group appeared to have disbanded, according to The Wall Street Journal, which reported Darkside had told associates that it had lost access to the infrastructure it needs for its activities. The group said law enforcement actions had prompted its decision, according to the paper. 

Cybereason, a security company based in Boston, wrote that Darkside focuses on targets in English-speaking countries and avoids operations in former Soviet bloc countries. It sells its ransomware, a model known as ransomware as a service, and maintains a help desk for negotiations with victims, Cybereason said.

How prevalent are ransomware attacks?

They’re pretty common. City governments around the US, including Baltimore’s and Atlanta’s, have been slammed by ransomware attacks. Hospitals have been shut down. In one case, a patient died because she had to be taken to a hospital nearly 20 miles away from her initial destination, which was dealing with a cyberattack.

Often, the victims pay to recover their data. Two cities in Florida — Lake City and Riviera Beach — together paid more than $1 million to unfreeze their systems. The cities paid in Bitcoin, a popular cryptocurrency. Law enforcement discourages the ransom payments.

The Cybersecurity and Infrastructure Security Agency and the Department of Energy are working with industry on guidelines to secure critical infrastructure, the White House said, sharing details on the attack that hit Colonial Pipeline and providing recommendations to reduce the likelihood of future incidents. The Biden administration added that it’s helping private sector companies improve their cybersecurity through the Industrial Control Systems Cybersecurity initiative.

Did the shutdown cause a gas shortage?

Federal and state officials took quick action to prevent a shortage, though the shutdown did cause some motorists to fill up their tanks just in case.

A Department of Transportation agency posted a regional emergency declaration for 18 states and Washington, DC, “in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the Affected States.” The declaration is designed to keep the fuel supply on the East Coast flowing.

North Carolina, South Carolina and Virginia also declared states of emergency.

Concerns over a gas shortage helped temporarily push GasBuddy, a price-comparison app, to the top of Apple’s App Store, according to App Annie, although it’s since slid.

What about gas prices?

Prices did rise in the wake of the shutdown, but a GasBuddy analyst told MarketWatch that the increase reflected the reopening of the US economy. Currently, the average price per gallon in the US is about $3.07, more than 19 cents higher than it was a month ago, according to GasBuddy.


Correction, May 13, 8:44 a.m. PT: Fixes spelling of Cybereason. 




