Colonial Pipeline reportedly paid foreign hackers a $5 million ransom on Friday, shortly after a cyberattack crippled the large fuel channel that serves much of the U.S. East.
Bloomberg News reported the Georgia-based operator used untraceable cryptocurrency to pay the ransom to Eastern European hackers in the Darkside group — despite FBI guidance that says ransoms shouldn’t be paid because paying encourages future attacks.
Media reports earlier in the week suggested the company had no plans to pay a ransom.
FTI Consulting, which is assisting the pipeline, told The Washington Times “as this is an ongoing investigation, Colonial Pipeline is not commenting on Bloomberg’s reporting at this time.”
Brandon Wales, the acting director of the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, said during a virtual forum Thursday: “I can confirm that we recommend against paying ransom because it just feeds the business model. I cannot confirm or deny whether Colonial paid the ransom. Only Colonial will be able to answer that question.”
Bloomberg, citing persons familiar with the situation, said hackers supplied the pipeline operator with a decrypting tool to get back up and running, but it performed slowly, forcing the pipeline to rely on its own backup efforts during the week.
The Biden administration said the pipeline resumed operations late Wednesday as states in the Southeast and Mid-Atlantic experienced severe gasoline shortages.
Stations in several states ran out of gas as customers hoarded supplies and efforts to drive or ship extra gas into locales failed to keep up.
• Andrew Blake contributed to this article.