Colonial Pipeline Pays Ransom to Restart Pipeline
The Colonial Pipeline launched the restart of its operations following a six-day shutdown last week caused by a ransomware attack. According to media reports, Colonial Pipeline Co paid nearly USD 5 million in cryptocurrency to Eastern European hackers linked to a group called DarkSide, who specialize in digital extortion and are believed to be located in Russia or Eastern Europe. Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system.
Colonial Pipeline warned it will take several days for service to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. The Colonial Pipeline will move as much gasoline, diesel and jet fuel "as is safely possible and will continue to do so until markets return to normal."
The Colonial Pipeline took itself offline after suffering a ransomware attack. The company halted operations because its billing system was compromised and they were concerned they wouldn't be able to determine how much to bill customers for fuel they received.