Colonial Pipeline paid a €5 million ransom to hackers

Contrary to previous reports, it has now emerged that Colonial Pipeline paid the ransomware gang DarkSide almost €5 million in their choice of cryptocurrency. The DarkSide ransomware gang attacked Colonial Pipeline late last week, dumping 100 GB of data while encrypting Colonial's network. Colonial admitted to the attack, which shut down one of the country's main gas pipelines, but did not provide information about the ransom. However, Bloomberg, citing two anonymous people allegedly involved in the transaction, now claims that the company paid the entire ransom in cryptocurrency, and in fact paid it within hours of the attack. There has been no official word from Colonial about the payment, although the company has confirmed that it has already resumed operations.

Back online

One of the anonymous sources told Bloomberg that the hackers provided Colonial with a decryption tool after receiving the ransom. However, the decryption tool was not fast enough, forcing Colonial to use its own backups to help restore the system once it was unlocked. The attack appears to have prompted US President Joe Biden to sign an executive order outlining steps software companies must take to engage with the government to prevent potential future cyberattacks. US government officials are said to be aware that Colonial allegedly paid the ransom to unlock its network, although during a press conference related to the attack, President Biden declined to comment on the transaction. However, he confirmed that the FBI had strong evidence to believe that the attack originated from Russia, but added that there was no suggestion that the Russian government had a role in the attack.

Via Bloomberg