Colonial Pipeline coughed up around US$5 million last week to the Eastern European hackers who closed down the largest oil pipeline in the US, sparking widespread petrol shortages and panic buying across south-eastern states.
Bloomberg News reported that Colonial paid the money demanded just hours after the ransomware attack.
The Georgia-based company paid the ransom in untraceable cryptocurrency, Bloomberg reported, citing two people familiar with the transaction.
Once the hackers received the payment, they provided Colonial with a decrypting tool to restore its downed IT network, according to Bloomberg, which reported the fix was so slow that the company opted to use its own backups to help restore the system.
The FBI believes that the crippling cyberattack was orchestrated by a Russia-based criminal group called DarkSide.
The company said it started resuming operations Wednesday evening and by Thursday morning, product was flowing to most of the markets it services.
The Bloomberg report contradicts earlier reporting by the Washington Post and Reuters that said the company had no immediate intention of paying the ransom. Those outlets cited anonymous sources.
President Joe Biden on Wednesday signed an executive order intended to improve US cybersecurity after the hack. The order, among other things, establishes a new multiagency Cybersecurity Safety Review Board to review incidents and mandates that federal systems log cybersecurity incidents and use multifactor authentication and stronger encryption.
DarkSide is known to extort cash from corporations and give a cut to charity, the Associated Press reported Sunday, citing sources familiar with the federal investigation of the Colonial hacking.
In a statement reportedly posted on DarkSide’s website, the group claimed, “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
The statement, provided to CNBC by the Boston-based security company Cybereason, added: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives.”
While Biden stopped short earlier this week of linking the Kremlin and DarkSide, he said that “there is evidence that the actors’ ransomware is in Russia”.
During a White House briefing, Anne Neuberger, deputy national security adviser for cyber and emerging technologies, also described DarkSide as “a criminal actor” but said that “our intelligence community is looking for any ties to any nation-state actors.”