Political News

Colonial Pipeline said to have paid roughly $5 million in ransom to hackers

The operator of a critical fuel pipeline on the East Coast paid extortionists roughly 75 Bitcoin -- or nearly $5 million -- to recover its stolen data, according to people briefed on the transaction, clearing the way for gas to begin flowing again but complicating President Joe Biden's efforts to deter future attacks.

Posted Updated

By
Michael D. Shear, Nicole Perlroth
and
Clifford Krauss, New York Times

WASHINGTON — The operator of a critical fuel pipeline on the East Coast paid extortionists roughly 75 Bitcoin — or nearly $5 million — to recover its stolen data, according to people briefed on the transaction, clearing the way for gas to begin flowing again but complicating President Joe Biden’s efforts to deter future attacks.

Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. DarkSide is believed to operate from Eastern Europe, possibly Russia.

The company preemptively shut down its pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic coast, setting off a cascading crisis that forced some airlines to make fuel stops on long-haul flights and led to emergency meetings at the White House, a jump in gas prices and panic buying at gas pumps.

With Republicans blaming Biden for soaring fuel prices and scenes of panicked motorists swarming gas stations, the president on Thursday embraced news that the 5,500-mile pipeline was resuming service. But he cautioned it would take time to resolve shortages and warned gas stations not to engage in price gouging.

“They should be reaching full operational capacity as we speak, as I speak to you right now,” Biden said in remarks from the Roosevelt Room. “That is good news. But we want to be clear: We will not feel the effects at the pump immediately. This is not like flicking on a light switch.”

Biden did not rule out the possibility that the administration would target the cybercriminals with a retaliatory strike, saying that the United States would pursue “a measure to disrupt their ability to operate.”

Jen Psaki, the White House press secretary, said the administration was waiting for recommendations from U.S. Cyber Command.

On Thursday, eight websites associated with DarkSide were pulled offline. It was not immediately clear why. Cyber Command referred questions to the National Security Council, which declined to comment.

The ransom issue underscores a dilemma for the president as his administration confronts an increasing number of cyberattacks against government and industry. The company’s decision to pay the ransom may help Biden stanch the political fallout from rising gas prices and long lines at the pumps, but it emboldens other criminal groups or rogue states to take American companies hostage by seizing control of their computers.

Biden declined to answer whether Colonial had paid its extortionists. Psaki said it remained the “position of the federal government” not to pay ransoms because the money can encourage criminals to conduct more attacks. She refused to criticize Colonial by name, saying it was “not constructive” to single out any particular company.

A company representative would neither confirm nor deny on Thursday that executives had paid a ransom. The payment was confirmed by people briefed on the matter, who declined to be identified because the information was confidential. It was earlier reported by Bloomberg on Thursday.

Gasoline prices continued to rise Thursday across the Southeast, but at a slower pace generally than in recent days. “Product delivery has commenced to all markets we serve,” Colonial Pipeline said. “It will take several days for the product delivery supply chain to return to normal.”

The attack on the pipeline has risks for Biden: political peril as Americans along the East Coast line up to get gas; economic peril as the administration worries about the temporary effects on air travel and chemical production; and technological peril as experts try to figure out how a ransomware attack turned into a national security event.

Republicans sought to turn the issue to their advantage, adding the temporary gas shortages to the list of political attacks on Biden’s leadership.

“Border crisis, gas lines, inflation, economic stagnation, kids still out of school, rocket attacks in Israel, and on and on and on,” Josh Holmes, a former chief of staff for Sen. Mitch McConnell of Kentucky, the Republican leader, wrote Wednesday on Twitter. “If you’re a Republican under the dome not talking about any of this today, you’re weakening your country.”

In an effort to address public concern about a possible run on gas that could disrupt economic activity and daily life, Biden said his administration had temporarily eased regulations and environmental rules so that companies could deliver gas more easily in the affected regions.

The administration has lifted the Jones Act, which prohibits foreign vessels from delivering goods from one domestic port to another. The administration said Thursday that a waiver had been granted to one company and that it would consider other waiver requests. The president also urged Americans in the affected regions to avoid hoarding gasoline.

“This is a temporary situation. Do not get more gas than you need in the next few days,” he said, adding, “We expect the situation to begin to improve by the weekend and into early next week, and gasoline supply is coming back online, and panic buying will only slow the process.”

Biden sought to emphasize the administration’s efforts to combat the rising number of ransomware attacks, citing his executive order this week on cybersecurity, which sets standards for any company that is looking to sell software to the federal government.

“I cannot dictate that the private companies do certain things relative to cybersecurity,” the president told reporters. But he said that “I think it’s becoming clear to everyone that we have to do more than being done now and the federal government can be significant value added.”

While the attack was not on the pipeline itself, Colonial shut down both its information systems and the pipeline until it was sure it could safely manage the flow of fuel. Companies across the United States — and even police departments — have opted to pay ransomware extortionists rather than suffer the loss of critical data or incur the cost to build computer systems up from scratch. Typically, organizations and their cyberinsurers conclude that the cost of paying a ransom will be cheaper than the cost of restoring their systems or the potential liability of having their data dumped on the internet.

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members.

In his remarks Thursday, Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Biden’s proposals, accusing the president of wanting to raise taxes to pay for things that they do not consider infrastructure, like programs for home health aides. Biden has proposed to increase taxes on wealthy people and corporations to pay for his spending, but has said he is open to other ideas.

“I’m willing to negotiate, as I indicated yesterday to the House members and to the leadership,” Biden said. “But it’s clearer than ever that doing nothing is not an option.”

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents, to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1% of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies. Friday is traditionally the biggest day for gasoline sales.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline. Panic buying contributed to the fuel shortages. At some stations, people were filling gasoline cans, forcing others to wait longer and causing shouting matches.

But energy analysts were optimistic that the crisis would soon pass.

“The restart of the pipeline is very positive news for motorists,” said Jeanette McGee, director for external communications for AAA. “While impact won’t be seen immediately and motorists in affected areas can expect to see a few more days of limited fuel supply, relief is coming.”

She said station pumps would be full in “several days,” before the Memorial Day weekend, a heavy driving time.