Security News > 2021 > May > Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals
Colonial Pipeline on Thursday restored operations to its entire pipeline system nearly a week following a ransomware infection targeting its IT systems, forcing it to reportedly shell out nearly $5 million to restore control of its computer networks.
"Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal."
Bloomberg, citing "Two people familiar with the transaction," said the company made the payoff within hours after the DarkSide ransomware attack to get hold of a decryptor, which turned out to be so slow that Colonial instead used its own backups to recover systems rendered inoperational by the ransomware.
The U.S. Cybersecurity and Infrastructure Security Agency doesn't condone paying a ransom to criminal actors, as doing so may embolden adversaries to target more organizations and encourage other cybercriminals to engage in the distribution of ransomware.
In the wake of the Colonial Pipeline attack, the operators of the DarkSide ransomware issued a statement on their dark web extortion site, pledging it intends to vet the companies its affiliates are targeting going forward to "Avoid social consequences in the future." What's more, xss.
The recent wave of cyber assaults aimed at SolarWinds, Microsoft Exchange, and Colonial Pipeline has also prompted the U.S. government to take steps to shore up defenses by "Protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States' ability to respond to incidents when they occur."