8 Jun 2021

Colonial Pipeline: US recovers most of ransom, justice department says

3:04 pm on 8 June 2021

The US has recovered most of the $US4.4 million ($NZ6.09m) ransom paid to a cyber-criminal gang responsible for taking the Colonial Pipeline offline last month.

Fuel tanks are seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021.

Colonial made a cryptocurrency payment as a ransom to hackers in the best interests of the US, its chief executive told media. Photo: AFP

DarkSide - which US authorities said operates from eastern Europe and possibly Russia - infiltrated the pipeline last month.

The attack disrupted supplies for several days causing fuel shortages.

According to the firm, the pipeline carries 45 percent of the East Coast's supply of diesel, petrol and jet fuel.

On Monday, Deputy Attorney-General Lisa Monaco said investigators had "found and recaptured" 63.7 Bitcoin worth $US2.3m - "the majority" of the ransom paid.

The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

It has since urged companies to increase security measures against ransomware attacks. Commerce secretary Gina Raimondo said on Sunday that US President Joe Biden would raise the issue of such attacks with Russian leader Vladimir Putin in a meeting planned this month.

Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.

Company grateful to FBI

In a statement Joseph Blount, chief executive of the Colonial Pipeline Company, said his firm was grateful for the "swift work and professionalism" of the FBI, which helped to recover the ransom.

"Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks," he added.

After the attack in May, Colonial made a cryptocurrency payment, and in return the company received a decryption tool so it could unlock the systems compromised by the hackers - although that was not enough to restart systems immediately, according to the Wall Street Journal.

Blount told the newspaper he authorised the payment on 7 May after discussions with experts who had previously dealt with DarkSide.

He said he "didn't make [that decision] lightly," but believed "it was the right thing to do for the country".

Tavon Clodfelter watches the petrol pump anxiously in Fayetteville, North Carolina, on 12 May. Most stations in the area along have been without fuel following the hack of the Colonial Pipeline.

There were fears of fuel shortages for motorists in some parts of the US during the incident. Photo: AFP

Blount added that it would take months before some business systems were recovered, and estimated that the attack would ultimately cost the company tens of millions of dollars.

At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.

"Our goal is to make money and not creating problems for society," DarkSide wrote on its website.

"We do not participate in geopolitics, do not need to tie us with a defined government and look for... our motives," the group added.
