
Colonial Pipeline paid its extortionists roughly 75 Bitcoin, or nearly $5 million, to recover its stolen data, according to people briefed on the transaction.
The payment came after cybercriminals last week held up Colonial Pipeline’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. Colonial Pipeline pre-emptively shut down its pipeline operations to keep the ransomware from spreading and because it had no way to bill customers with its business and accounting networks offline.
The shutdown of the company’s network, which includes 5,500 miles of pipeline that supplies nearly half the gas, diesel and jet fuel to the East Coast, triggered a cascading crisis that led to emergency meetings at the White House, a jump in gas prices, panic buying at the gas pumps, and forced some airlines to make fuel stops on long-haul flights.
The ransom payment was first reported by Bloomberg. A spokeswoman for Colonial declined to confirm or deny that the company had paid a ransom.
first reported that Colonial had shut down its pipeline partly because its billing systems were taken offline and it had no way to charge customers.
Many organizations across the United States, including police departments, have opted to pay their ransomware extortionists rather than suffer the loss of critical data or incur the costs of rebuilding computer systems from scratch.
In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members and social media preservation requests.
“This is an indicator of why we should pay,” the cybercriminals, called Babuk, said in a post online. “The police also wanted to pay us, but the amount turned out to be too small. Look at this wall of shame,” they wrote, “you have every chance of not getting there. Just pay us!”
Julian E. Barnes contributed reporting.