Colonial Pipeline paid nearly $5 million as a ransom to the cybercriminals that carried out a crippling cyberattack, sources familiar with the matter told CNBC.
It is not clear when the payment to the DarkSide group was made. The fact that the ransom was paid wasn’t widely shared despite federal entities working with the pipeline company to build back its networks following the attack.
Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Administration (CISA), said on Thursday that he has no knowledge of whether a ransom was paid, how much was paid, if it was paid, when it was paid.
Colonial Pipeline has also repeatedly declined to comment on the ransom payment.
Even president Biden declined to comment when asked whether the critical infrastructure company had paid the ransom and government officials said they know nothing of a ransom being paid during briefings with lawmakers on Capitol Hill.
The US government had not been providing advice to Colonial Pipeline on whether to pay the ransom or not, and White House press secretary Jen Psaki said the position of the government is to not pay ransoms as it may incentivize cybercriminals to launch more attacks.
DarkSide group has previously described its actions as apolitical, claiming they do not participate in geopolitics or have ties with any government and pointing that their goal is to make money, and not creating problems for society.
They also announced they’ll introduce moderation and check each company that their partners want to encrypt to avoid social consequences in the future.
At the same time, government agencies have been working to identify the individual hackers behind the attack. CISA and the FBI confirmed on Tuesday that DarkSide was used as a ransomware-as-a-service, in which developers of the ransomware receive a share of the proceeds from the cybercriminals who deploy it, known as “affiliates.”
The “affiliate” in this case was likely Russian, according to sources familiar with the investigation quoted by CNN. There are also indications that the individual actors that attacked Colonial, in conjunction with DarkSide, may have been inexperienced or novice hackers.
Be the first to comment