Colonial Pipeline paid hackers linked to the DarkSide cybercrime group nearly $5 million in cryptocurrency after last week's ransomware attack, Bloomberg first reported and the New York Times confirmed.
Why it matters: The breach of the largest refined fuels pipeline in the U.S. triggered new concerns about the vulnerability of the country's increasingly digitized energy systems.
- At least 11 states and Washington, D.C., have experienced gas shortages since a ransomware attack forced the critical pipeline, which runs from Texas to New York and carries 45% of the East Coast’s fuel supplies, to shut down last weekend.
- Colonial said in an update at 9 a.m. ET Thursday that service had resumed in a majority of its markets, and that it expects all markets to receive product by mid-day. It will take days before deliveries fully return to normal.
Between the lines: The FBI generally discourages companies from paying ransoms, noting that there's no guarantee that the hackers will unlock the systems and it could incentivize more cyber crime, per Bloomberg.
- White House deputy national security adviser Elizabeth Neuberger would not answer at a briefing on Monday whether Colonial had paid a ransom, saying they are a private company and that the White House would defer those "very difficult" decisions to them. Biden also declined to comment at a briefing Thursday.
- DarkSide, an Eastern European group that the FBI has blamed for the attack, said in a statement that its goal "is to make money, and not creating problems for society," per CNBC.
The big picture: The cyber breach will likely put pressure on federal agencies and Congress to harden defenses in the country’s sprawling networks of pipelines, electricity grids, power plants, petrochemical facilities and other energy infrastructure.
- Sen. Mark Warner (D-Va.), who's been a leading voice in Congress on the issue, told Axios that if Americans knew how many ransomware attacks were happening every day, it would "blow their minds."
- The Colonial hack, coupled with the Russians' SolarWinds attack — which had a breathtaking scale penetrating some 16,000 companies — has made people realize a cyber enemy could shut down an entire economy, Warner said.