Colonial Pipeline reportedly pays $5M in cryptocurrency to hackers to end ransomware cyberattack

Nathan Bomey

The Colonial Pipeline Co. reportedly paid a $5 million ransom to cyberattackers, allowing the vital fuel-shipping system to restart after the hackers had seized control and triggered panic-buying of gasoline throughout the Southeastern U.S.

Bloomberg News first reported Thursday that Colonial had paid the money, citing two people familiar with the exchange. CNBC also reported that the company paid the hackers, though it did not say how much.

Earlier this week, the FBI identified a criminal group known as DarkSide as being responsible for the cyberattack.

"Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network," Bloomberg reported. "The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said."

Colonial Pipeline officials declined to comment on Thursday.

The system – which supplies about 45% of the Southeastern region's fuel, including gasoline and jet fuel – was offline for several days after the attackers struck Friday. 

After successfully resuming operation in part on Wednesday, "Colonial Pipeline has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service," the company said Thursday morning in a statement.

"By mid-day today, we project that each market we service will be receiving product from our system."

The company was expected to get the pipeline up to full speed by the end of the week. Experts have said that while the situation has undermined gas supplies, panic buying is largely to blame for draining stations of fuel.

Colonial Pipeline Company in Linden, N.J., a major pipeline that transports fuels along the East Coast, says it had to stop operations because it was the victim of a cyberattack. Colonial Pipeline said in a statement late Friday that it "took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."

The hackers were paid in "untraceable cryptocurrency within hours after the attack," Bloomberg reported, and "are believed to be located in Russia or Eastern Europe."

The cyberattack deployed ransomware, which takes a computer system hostage and refuses to unlock it until a payment is made.

You can follow USA TODAY reporter Nathan Bomey on Twitter @NathanBomey.