US fuel pipeline ‘paid hackers $5m in ransom
A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack.
Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US.
CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.
Colonial said on Thursday that it would not comment on the issue.
On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang.
Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.
The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.
The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.
The average price per gallon hit $3.008 (£2.14) – the highest level seen since October 2014, according to the Automobile Association of America.
US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.
According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.
Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.
However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event.
It said it had put protective measures in place immediately after the attack.
In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.
Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia.
The news that Colonial Pipeline paid these criminals is a major blow to President Biden.
Only this week he signed a long-awaited executive order to beef up federal cyber-security and, in turn, make the US more secure from future attacks.
These efforts have, in the view of some in the cyber-security world, been completely undermined.
How can the Biden administration encourage corporations to spend millions securing their computer networks from attack when they’ve just witnessed Colonial, under the glare of the public eye, cave in to criminal demands and pay their way out of trouble?
The news will swell the ranks of those in the security world who want ransomware payments banned.
But with companies, jobs and sometimes lives put at risk when ransomware hits, it is a tough call for policymakers.
The potential silver-lining in this case comes from reports that even after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves.
The DarkSide hacker crew can no longer claim that they can restore victims services quickly and this may make others question whether or not to give in to their demands.
‘Our goal is to make money’
Cyber-security firms told the BBC that DarkSide operates by infiltrating an organisation’s computer network and stealing sensitive data.
Typically, a day later the hackers will make themselves known, announcing that they have encrypted all the data in the network and are prepared to leak it onto the internet and delete it, if they are not paid a ransom by a certain deadline.
DarkSide operates by making the software used to execute this attack and then training affiliates to use it, who then give the gang a cut of the ransoms they take.
Following concerns the Colonial cyber-attack was caused by nation-state hackers with a political motive, DarkSide posted on its website: “Our goal is to make money and not creating problems for society.”
The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates and intended to “introduce moderation and check each company” its partners want to encrypt, “to avoid social consequences in the future”.
On Friday, Reuters reported that DarkSide’s website on the dark web was no longer accessible.
Colonial Pipeline’s website also continues to be offline.