Colonial Pipeline paid nearly $5 million to hackers who forced a shutdown of the largest fuel pipeline in the country, Bloomberg reports.
The company claimed earlier that it had no intention of paying the hackers behind the ransomware attack, which has resulted in panic-buying that sparked fuel shortages and rising gas prices along the eastern United States.
But Bloomberg reports that the company paid nearly $5 million in untraceable cryptocurrency to the hackers within hours of the attack. A source told the outlet that the US government is aware of the ransom.
The hackers provided the company with a decrypting tool to restore its disabled computed network after receiving the payment but the “tool was so slow that the company continued using its own backups to help restore the system,” according to the report.
The company has said it is restoring operations and should be fully back up by the weekend.
A tough call:
The FBI discourages organizations from paying such ransoms because there is no guarantee that bad players will cooperate after receiving payment and because it could encourage other would-be hackers.
But Deputy National Security Adviser Anne Neuberger told reporters on Monday that companies sometimes have no choice.
“We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” she said.
Ransomware on the rise:
The group behind the attack is believed to be called DarkSide, an extortion group reportedly based in Russia or Eastern Europe.
They are among a growing number of groups focused on ransomware attacks, which lock computers and demand payment to restore lost files. Some also threaten to release stolen files unless the ransom is paid.
A recent report from the Institute for Security and Technology found that ransomware attack victims paid $350 million in cryptocurrency last year, a 311% rise.
The average ransom was around $312,000.