(TNS) — Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.
Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.
A representative from Colonial declined to comment, as did a spokesperson for the National Security Council. Colonial said it began to resume fuel shipments around 5 p.m. Eastern time Wednesday.
The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.
On Wednesday, media outlets including The Washington Post and Reuters, also based on anonymous sources, reported that the company had no immediate intention of paying the ransom.
Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid — a kind of double extortion.
The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency says.
However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a…
![a close up of a sign: Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations. Getty Images](https://www.bing.com/news/{"default":{"load":"default","w":"80","h":"53","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gCm6S.img?h=532&w=799&m=6&q=60&o=f&l=f"},"size3column":{"load":"default","w":"62","h":"42","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gCm6S.img?h=415&w=624&m=6&q=60&o=f&l=f"},"size2column":{"load":"default","w":"62","h":"42","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gCm6S.img?h=415&w=624&m=6&q=60&o=f&l=f"}})
![a building with a blue umbrella: Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations.](https://www.bing.com/news/{"default":{"load":"default","w":"80","h":"45","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gE5xr.img?h=448&w=799&m=6&q=60&o=f&l=f"},"size3column":{"load":"default","w":"62","h":"35","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gE5xr.img?h=350&w=624&m=6&q=60&o=f&l=f"},"size2column":{"load":"default","w":"62","h":"35","src":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1gE5xr.img?h=350&w=624&m=6&q=60&o=f&l=f"}})
