The world has taken notice of the ransomware attack on the Colonial Pipeline in the U.S. Given the aftermath of the attack, which caused panic and massive fuel shortages across the East Coast, even countries like Japan have initiated stringent measures to protect their critical as well as private assets. The Biden administration has also signed an Executive Order with the intent of fortifying the country’s cyber defenses that have been targeted extensively in the recent past. However, amid all the chaos, Colonial Pipeline has reportedly confirmed paying a ransom to its attackers for quickly reinstating its paralyzed services.
Paying Ransom, the Last Resort
On May 7, around 5:30 a.m., Colonial Pipeline’s internal team members discovered they were targeted with a sophisticated ransomware attack when one of the control-room operators received a ransom note on a computer. They locked their systems to contain the attack and stop it from spreading further to the company’s 260 delivery nodes across 13 states. It took them just over an hour to complete the shutdown procedure, which ultimately prevented its operational technology (OT) systems from getting infected.
However, damage was done to its IT infrastructure, and Colonial’s team was not sure about the extent, time, and cost of getting back up and running. This led the CEO, Joseph Blount, to make a difficult decision – paying up. In an interview with the Wall Street Journal, Blount acknowledged he authorized the ransom payment of 75 Bitcoins, worth approximately $4.4 million.
I know that’s a highly controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.
Whether paying the ransom was the right thing to do or not, as Blount said, it is “highly controversial.” But an official advisory issued late last year by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) states that it is “illegal” to pay ransom to any cybercriminals. In light of this announcement, Colonial’s ransom payment is rather questionable. Since more than 9,500 gas stations were out of fuel within a matter of a few days, with no clear timeline on the restoration of services even after taking expert help from an unnamed firm that has reportedly dealt with the same ransomware gang (DarkSide) in the past, Blount probably accepted the inevitable.
As we previously reported, Colonial Pipeline initiated the restart of pipeline operations at approximately 5 p.m. ET on Wednesday, May 12. Since that time, we have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve. pic.twitter.com/UJG7SqUxSQ
— Colonial Pipeline (@Colpipe) May 15, 2021
As of May 15, Colonial Pipeline’s services had been restored, barring a few glitches in the preceding days when intermittent disruptions occurred during the “hardening efforts” of the ongoing restoration process. The company’s Twitter handle clarified that the interruption did not have anything to do with the ransomware attack.