Colonial Pipeline Paid the Ransom, But That's Not the End of the Story

Posted: Jun 09, 2021 2:30 PM
Colonial Pipeline Paid the Ransom, But That's Not the End of the Story

Source: AP Photo/Jay Reeves

Shortly after Colonial Pipeline was hit with a ransomware attack, the CEO of the company, Joseph Blount, made the decision to pay the ransom—something the FBI advises companies should never do because it "doesn't guarantee you or your organization will get any data back," plus it "encourages perpetrators to target more victims." 

In explaining why the company coughed up the $4.4 million ransom payment, Blount said "executives were unsure how badly the cyberattack had breached its systems or how long it would take to bring the pipeline back." 

He also called their decision "the right thing to do for the country." 

Even with quick payment, however, the pipeline was shut down for six days, resulting in gas shortages along the East Coast, and a bill (in addition to the ransom) of tens of millions, according to Blount. 

So the fact that the Department of Justice has recovered most of the ransom is likely welcome news for the company. 

"After Colonial pipeline's quick notification to law enforcement and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California, earlier today the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the DarkSide network in the wake of last month's ransomware attacks," said Lisa Monaco, President Biden’s deputy attorney general, during a press conference on Monday afternoon. 

"Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response," she continued. "DarkSide is a ransomware-as-a-service network. That means developers who sell or lease ransomware to use in attacks, in return for a fee or a share on the proceeds. DarkSide and its affiliates have been digitally stalking U.S. companies for the better part of last year and indiscriminately attacking victims that include key players in our nation's critical infrastructure. Today, we turned the tables on DarkSide." 

The DOJ said the seizure was "a first-of-its-kind effort by a new ransomware task force in the department to hijack a cybercrime group's profits," according to The New York Times.