Colonial Pipeline reportedly paid $5M to hackers after ransomware attack

The company paid the ransom in cryptocurrency within hours after the attack, reports Bloomberg.

Carrie Mihalcik Former Managing Editor / News

Colonial Pipeline paid nearly $5 million in cryptocurrency to hackers after a ransomware attack caused the shutdown of a major US petroleum pipeline last week, according to a report from Bloomberg on Thursday, citing people familiar with the transaction. This contradicts earlier reports that the company wasn't planning on paying the ransom.

The company didn't immediately respond to a request for comment on the report. In an update posted to its website on Thursday morning, Colonial Pipeline said it has made "substantial progress" in restarting its pipeline and expects to be operational in each market it serves later today.

Colonial Pipeline said it learned about the cyberattack on May 7 and halted all pipeline operations in order to prevent the malicious software from spreading. The shutdown led to concern of widespread gas shortages along the East Coast. 

The ransomware attack, blamed on a hacker group known as the Darkside, also reignited concerns about the vulnerability of critical infrastructure. Ransomware is a type of malware that hackers use to scramble a company's computer data and hold it hostage until a ransom is paid. 

Colonial Pipeline paid the steep ransom within hours after the attack and was given a "decrypting tool to restore its disabled computer network," according to Bloomberg. However, the company also continued to use its own backups to restore the system, an unnamed source told Bloomberg, because the decrypting tool was slow.

President Joe Biden signed an executive order on Wednesday aimed at improving US cybersecurity defenses, an action that follows a string of cyberattacks on the federal government and private companies. During a press briefing Thursday, Biden said the FBI doesn't believe the Russian government was involved in the attack but that there's "strong reason to believe" the criminal hackers are based in Russia. 

"This event is providing an urgent reminder of why we need to harden our infrastructure and make it more resilient against all threats, natural and man-made," the president said. 

Biden declined to comment on whether he was briefed on Colonial Pipeline allegedly paying the ransom.