Colonial Pipeline paid roughly $5 million to the ransomware group responsible for hacking its systems, contradicting earlier claims.
Bloomberg News reported that the company paid the ransom in cryptocurrency hours after the May 7 cyberattack that shut down the country’s largest fuel pipeline. In exchange for the payment, the hackers responsible provided Colonial with a decryption tool that restored the company’s access to its data.
The tool was found to have limited use, leading the company to instead restore data from its own backup system.
The FBI strongly discourages paying ransom to hackers in the wake of a ransomware attack.
“Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” states the FBI website.
Forensic audits in the wake of the attack have suggested an unpatched Microsoft Exchange server as a potential avenue of entry for the hackers, but this has yet to be confirmed.
While some experts have been critical of Colonial Pipeline’s security practices, others have pointed to an overall shortage of cybersecurity professionals, especially those with experience in infrastructure-related industries.
Colonial Pipeline was attempting to fill two key security leadership roles in the company, Director of Risk Management and Manager of Cybersecurity, in the weeks leading up to the attack.