Oil transport giant CEO says he paid 480 million yen as a ransom for a ransomware attack

Colonial Pipeline, the largest oil transport pipeline in the United States, was hit by a ransomware attack by a hacker on May 9, 2021 and demanded a ransom. Colonial Pipeline, which was suspended due to the attack, did not disclose the amount of ransom paid for resumption, but as of May 19, Colonial Pipeline's CEO paid $ 4.4 million (about 480 million). I revealed that I paid 10,000 yen).

Colonial Pipeline CEO Tells Why He Paid Hackers a $ 4.4 Million Ransom --WSJ
https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636

Colonial Pipeline CEO says company paid hacker group $ 4.4 million --Axios
https://www.axios.com/colonial-pipeline-darkside-4-million-ransomware-dbe7d512-ab80-49f7-97df-9cb1e3822ffc.html

Colonial Pipeline announced on May 9 that it had shut down due to a ransomware attack. Oil stockpiles did not immediately affect the east coast of the United States supplied by Colonial Pipeline, but stockpiles are said to be 'no more than first aid' and people There was concern that it would have a major impact on people's lives.

America's largest oil pipeline shuts down due to ransomware attack, Biden administration declares emergency-GIGAZINE

Then, on May 13, Colonial Pipeline announced that it 'reopened its pipeline business around 5 pm on May 12, 2021.'

America's largest oil pipeline shut down due to ransomware resumes operations-GIGAZINE

At the time of business resumption, Colonial Pipeline did not reveal whether it paid the ransom, but based on the information that Bloomberg and others got from the authorities, 'about 5 million dollars (about 548 million yen) The ransom was paid. '

It turns out that a pipeline company that was attacked by ransomware paid a ransom of 500 million yen or more --GIGAZINE

Meanwhile, Colonial Pipeline CEO Joseph Brandt responded to an interview with The Wall Street Journal, admitting that the ransom was actually paid, but the amount is about 480 million yen. I told you that. It was a group called 'DarkSide ' that attacked Colonial Pipeline, and Mr. Brandt made a decision after consulting with experts who have dealt with DarkSide attacks in the past. Dark Side is reported to have received $ 90 million in ransom from 47 victims in the last nine months in Bitcoin.

Ransomware demanding ransom damage has increased in recent years, but the Federal Bureau of Investigation in the United States is urging businesses to refuse to pay. This is because paying the ransom will drain the money to the criminal group and encourage more criminal activity.

In response to the decision to pay the ransom, Mr. Brant said, 'I understand that it is a very controversial decision. It was never a light decision. It is not possible to give money to such people. It doesn't feel good, but I think I made the right decision for the country. '

According to sources, the payment was made in Bitcoin and Colonial Pipeline received a decryption tool to unlock the system that the hacker had invaded. On the other hand, the tool was reportedly 'helpful, but not enough to restore Colonial Pipeline's system immediately.'

Initially, Colonial Pipeline explained that it would work with the government on this attack, and the authorities also said that they would 'take steps to confuse the Dark Side,' but the government did not actually take action. The media reports The Hill.

US denies disrupting Russian cyber group behind Colonial pipeline hack | The Hill
https://thehill.com/policy/cybersecurity/554465-us-denies-disrupting-russian-cyber-group-behind-colonial-pipeline-hack