The DarkSide ransomware gang attacked the Colonial Pipeline late last week, making off with 100GB of data while encrypting Colonial’s network.
Colonial acknowledged the attack, which resulted in the shutdown of one of the major fuel pipelines in the country, but didn’t provide any information regarding the ransom.
However, Bloomberg, quoting two anonymous individuals who were reportedly involved with the transaction, now claims the company paid the full ransom in cryptocurrency, and in fact paid within hours of the attack.
There has been no official word from Colonial regarding the payment, though the company has confirmed that it has now resumed operations.
One of the anonymous sources told Bloomberg the hackers provided Colonial with a decrypting tool upon receiving the ransom.
However, the decrypting tool wasn’t fast enough, forcing Colonial to use its own backups to help restore the system now that it was unlocked.
The attack seems to have forced US President Joe Biden to sign an executive order that outlines steps for software vendors to engage with the government in order to prevent possible future cyberattacks.
US government officials are reportedly aware of Colonial paying the ransom to decrypt its network, though in a press briefing related to the attack, President Biden declined to comment on the transaction.
He did, however, confirm that the FBI has strong evidence to believe that the attack originated in Russia, but added that there’s nothing to suggest that the Russian government had any part to play in the attack.