Colonial Pipeline paid a $5 million ransom to hackers

WASHINGTON – Colonial Pipeline paid a ransom to hackers after the company fell victim to a widespread cyberattack, a source familiar with the situation confirmed to CNBC.

A US official, who spoke on condition of anonymity, confirmed to NBC News that Colonial paid nearly $5 million as a ransom to cybercriminals.

It was not immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. Bloomberg first reported on the payment of the ransom.

Earlier Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline paid the ransom. White House press secretary Jen Psaki told reporters during a briefing that it remains the federal government’s position not to pay ransoms, as doing so may incentivize cybercriminals to launch more attacks.

Last week’s assault, carried out by a criminal cyber group known as DarkSide, forced the company to shut down roughly 5,500 miles of pipelines, disrupting nearly half of the East Coast’s fuel supply and causing shortages of gasoline in the Southeast.

Ransomware attacks involve malware that encrypts files on a device or network, rendering the system inoperable. The criminals behind these types of cyberattacks often demand a ransom in exchange for the release of the data.

On Monday, White House national security officials described the assault as economically motivated in nature, but did not say whether Colonial Pipeline agreed to pay the ransom.

“It’s usually a private sector decision,” Anne Neuberger, assistant national security adviser for emerging and cyber technologies, told reporters at the White House when asked about paying the ransom.

Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger discusses the disruption of the Colonial gas pipeline after a cyberattack during the daily press conference at the White House in Washington, USA, May 10, 2021.

Kevin Lamarque | Reuters

“We recognize that victims of cyberattacks are often faced with a very difficult situation and often have to balance cost-benefit when they have no other option with regard to paying a ransom. Colonial is a private company and we will defer information on their decision to pay them a ransom,” Neuberger said.

She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage more malicious activity.

Earlier Monday, the DarkSide group described its actions as “apolitical” in a statement provided to CNBC by Cybereason.

“We are apolitical, we do not participate in geopolitics, we do not need to bind ourselves to a defined government and seek our motives,” the group wrote.

“Our goal is to make money, and not create problems for society. Starting today, we introduce moderation and review each company that our partners want to encrypt to avoid social consequences in the future,” the statement added.

Biden told reporters on Monday that the US currently has no intelligence linking the DarkSide group’s ransomware attack to the Russian government.

“So far there is no evidence from our intelligence people that Russia is involved, although there is evidence that the actor’s ransomware is in Russia, they have some responsibility to deal with this,” Biden said from the White House on Monday.

He added that he would still discuss the situation with Russian President Vladimir Putin.

The Kremlin has previously denied claims that it has launched cyberattacks against the United States.

On Wednesday, Colonial Pipeline said in an evening statement that it had restored operations days after it was forced to shut down its entire system due to the cyberattack. The company described its decision to temporarily shut down the pipeline service as a precautionary measure.

“Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel and jet fuel as possible safely and will continue to do so until markets return to normal,” the company added.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to gain access to communications and data in various government agencies.

In April, Washington formally held the Russian Foreign Intelligence Service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as “the largest and most sophisticated attack the world has ever seen.” Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.
