Colonial Pipeline paid $5m ransom to hackers

But no official word from the company or the US government

Contrary to previous reports, it has now emerged that Colonial Pipeline paid nearly $5 million to the DarkSide ransomware gang in their choice of cryptocurrency.

The DarkSide ransomware gang attacked the Colonial Pipeline late last week, making off with 100GB of data while encrypting Colonial’s network.

Colonial acknowledged the attack, which resulted in the shutdown of one of the major fuel pipelines in the country, but didn’t provide any information regarding the ransom.

However, Bloomberg, quoting two anonymous individuals who were reportedly involved with the transaction, now claims the company paid the full ransom in cryptocurrency, and in fact paid within hours of the attack.

There has been no official word from Colonial regarding the payment, though the company has confirmed that it has now resumed operations.

Back online

One of the anonymous sources told Bloomberg the hackers provided Colonial with a decrypting tool upon receiving the ransom.

However, the decrypting tool wasn’t fast enough, forcing Colonial to use its own backups to help restore the system now that it was unlocked.

The attack seems to have forced US President Joe Biden to sign an executive order that outlines steps for software vendors to engage with the government in order to prevent possible future cyberattacks.

US government officials are reportedly aware of Colonial paying the ransom to decrypt its network, though in a press briefing related to the attack, President Biden declined to comment on the transaction.

He did however confirm that the FBI has strong evidence to believe that the attack originated in Russia, but added that there’s nothing to suggest that the Russian government had any part to play in the attack.

Via Bloomberg

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
