WASHINGTON – Colonial Pipeline paid hackers a ransom after it fell victim to a widespread cyber attack, a source familiar with the situation confirmed to CNBC.
A US official, who spoke on condition of anonymity, confirmed to NBC News that Colonial had paid the cybercriminals nearly $ 5 million in ransom.
It wasn't immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC's request for comment. The ransom payment was first reported by Bloomberg.
The previous Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline had paid the ransom. White House press secretary Jen Pskai told reporters during a briefing that it remains the federal government's position not to pay ransom as this could encourage cybercriminals to launch further attacks.
Last week's attack, carried out by a cyber criminal group called DarkSide, forced the company to shut down about 5,500 miles of pipeline, cutting off half fuel supplies on the east coast and gasoline shortages in the southeast.
Ransomware attacks are malware that encrypt files on a device or network and cause the system to become inoperable. Criminals behind such cyberattacks usually demand a ransom in exchange for releasing data.
On Monday, White House National Security officials labeled the attack financially motivated but did not say whether the Colonial Pipeline agreed to pay the ransom.
"Usually this is a private sector decision," Anne Neuberger, deputy national security advisor on cyber and emerging technologies, told White House reporters when asked about the ransom payment.
Anne Neuberg, Deputy National Security Advisor for Cyber and Emerging Technologies, speaks about the Colonial Pipeline failure following a cyber attack during the daily press conference at the White House in Washington, USA, on May 10, 2021.
Kevin Lemarque | Reuters
"We recognize that victims of cyberattacks often face a very difficult situation and often only have to weigh the cost-benefit ratio when they have no other choice but to pay a ransom. Colonial is a private company, and we will postpone information about your decision. " about paying a ransom to them, "said Neuberger.
She added that the FBI had previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
On Monday before, the DarkSide group had described its actions as "apolitical" in a Cybereason statement to CNBC.
"We are apolitical, we do not participate in geopolitics, we do not have to bind ourselves to a defined government and look for our motives," wrote the group.
"Our goal is to make money and not create problems for society. Starting today, we are introducing moderation and reviewing every company that our partners want to encrypt in order to avoid social consequences in the future," added the statement.
Biden told reporters on Monday that the US currently has no information linking the DarkSide group's ransomware attack to the Russian government.
"So far, there is no evidence from our intelligence officials that Russia is involved, although there is evidence that the actor's ransomware is in Russia. You have a certain responsibility to deal with it," Biden said from the White House on Monday.
He added that he would continue to discuss the situation with Russian President Vladimir Putin.
The Kremlin has previously denied claims that it launched cyberattacks against the United States.
On Wednesday, the Colonial Pipeline said in an evening statement that it had resumed operations days after its entire system was shut down due to the cyber attack. The company described its decision to temporarily close its pipeline service as a precautionary measure.
"Some markets served by Colonial Pipeline may or continue to experience intermittent business interruptions during the launch phase. Colonial will and will continue to move as much gasoline, diesel and jet fuel as possible until markets return." normal, "added the company.
The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. In the past year, software from IT company SolarWinds was breached, allowing hackers in several government agencies to access communications and data.
In April, Washington officially made the Russian foreign intelligence service responsible for conducting the SolarWinds cyberattack. Microsoft President Brad Smith described the incident as "the largest and most sophisticated attack the world has ever seen". Microsoft's systems were also infected with malicious software.
The Russian government denies all allegations behind the SolarWinds hack.