Colonial Pipeline paid nearly $5 million to cybercriminals to recover stolen data and facilitate the reopening of its vital oil pipeline, according to a report in The New York Times.
Colonial was a victim of a ransomware attack by a hacking group called DarkSide. As is typically the case with a ransomware attack, Colonial’s network data was encrypted by the hackers, who then threatened to release the information online unless Colonial paid the demanded ransom.
As a pre-emptive security measure, Colonial shut down its pipeline – which spans from Texas to New Jersey and delivers nearly half of the transport fuels for the East Coast—impacting industries that rely heavily on transport fuel (like airlines) and restricting the availability of gasoline at stations across the Southeast. Colonial announced that it expected its pipeline to reach full operational capacity on Friday, but President Biden cautioned that consumers should not expect gas prices to recede immediately. “This is not like flicking on a light switch,” he advised.
According to the Times, the administration was working closely with the United States Cyber Command to investigate this ransomware incident and determine whether any actions could be taken against the hacking group to disrupt their ability to conduct future malevolent operations.
While the resumption of the pipeline is welcome news to millions of affected consumers and a multitude of businesses, paying ransom to criminals is always a controversial decision because – while it solves an immediate problem—it also serves to reward (and incentivize) extortionists. Moreover, while some view paying ransom to recover sensitive data as a cost of doing business in the modern world, there is no guarantee the cybercriminals will honor their word.
In response to the Colonial Pipeline cyber-attack, President Biden signed an executive order that sets minimum security standards for companies looking to provide software to the federal government. He is also attempting to use this incident to boost support for his proposed infrastructure bill, which presently allocates significant funding to improving cybersecurity.
Ransomware attacks are on the rise, and no industry is immune. Nixon Peabody’s Data Privacy & Cybersecurity team has guided many companies victimized by ransomware or other malware attacks.