Friday, May 14, 2021

Colonial Pipeline Said to Pay Ransom to Hackers Who Caused Shutdown

Colonial Pipeline Co. paid a ransom to the criminal hackers who caused the company to shut down the country’s largest conduit of fuel, according to people familiar with the matter, a payment that allowed the firm to obtain decryption tools to try to unlock its computer systems. The ransom, paid in cryptocurrency, was approximately $5 million at the time of the transaction, one of the people familiar with the matter said.

The company restarted pipeline operations Wednesday and said it was resuming service throughout its entire system Thursday after a cyberattack last week forced it to shut it down, leading to regional gasoline shortages and higher prices. It couldn’t be learned whether the ransom payment directly enabled Colonial to restart its 5,500-mile conduit, which runs from Texas to New Jersey. Energy analysts said it would likely take days before gasoline supplies are returned to normal in affected states in the Southeast.

Bloomberg reported earlier Thursday that Colonial had paid the hackers a sum of nearly $5 million, and that the decryption tool ultimately wasn’t effective in restoring operations. Instead, Colonial was able to recover by relying on system backups, Bloomberg reported. Colonial declined to comment on the ransom.

The company, which estimates that it provides 45% of the East Coast’s fuel, shut down the pipeline last Friday after being hit by a ransomware attack. U.S. officials and cybersecurity experts have linked the attack to a Russian-speaking criminal gang known as DarkSide, believed to be based in Eastern Europe. Ransomware is a type of cyberattack that locks up a victim’s computer systems and demands payment from a victim to have the files released. Payments are usually made with cryptocurrency...WSJ
