Things are starting to return to normal for Colonial Pipeline who got pwned by ransomware by an Eastern European based group of hackers. This in turn caused gas stations to start to run out of gas yesterday. And here’s the reason why things are getting back to normal. They paid the hackers according to Bloomberg:
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familar with the situation said U.S. government officials are aware that Colonial made the payment.
Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.
A representative from Colonial declined to comment, as did a spokesperson for the National Security Council.
I have always said that you shouldn’t pay scumbags like these as it only encourages them to do more attacks like this. Here’s a few more reasons why you shouldn’t pay up:
The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency says. Such guidance provides a quandary for victims who have to weigh the risks of not paying with the costs of lost or exposed records.
So while this news is disappointing, it isn’t surprising. These sorts of things are a business decision at the end of the day. Which means that companies should focus on defending themselves from these sorts of attacks so that they don’t have to make these sorts of decisions.