Oil pipeline company Colonial has indeed paid ransom to hackers who encrypted the company’s computers. 3.6 million euros was transferred in bitcoin, the company’s director admits after media reports.
“I know it’s a controversial decision. I didn’t take it lightly,” Joseph Blount told The Wall Street Journal. “I admit it doesn’t feel good to see money going to these people, but it was the best for the country.”
Colonial operates the longest oil pipeline in the US, running from the Gulf Coast in the south to the New York region. Two weeks ago, the company took the entire system offline when it was discovered that hacker group DarkSide had entered the computer system.
Because the supply came to a standstill and motorists started hoarding, large shortages arose in the states that depend on Colonial. Almost half of all fuel for the US East Coast passes through this pipeline. Although the system has now been restarted, there are still about 9,500 petrol pumps without stock.
A Colonial spokesperson points out that it was initially not clear how great the disruption would be. That is why it was quickly decided to pay the hackers. “Tens of millions of Americans rely on us: hospitals, emergency services, police, firefighters, airports, truck drivers and motorists.”
After Colonial paid, the hackers provided a program with which the encrypted data could be retrieved. However, that software was so slow that the company mainly had to use its own backups to resume operations.
In general, the FBI does not recommend that companies pay ransom to get rid of ransomware; that only encourages the perpetrators to attack other companies as well. Blount says he consulted in advance with experts who had previously negotiated with DarkSide.