Flags fly in front of a Colonial Pipeline Co. storage tank at a facility in the Port of Baltimore in Baltimore, Maryland, U.S., on Tuesday, May 11, 2021.
Samuel Corum | Bloomberg | Getty Images
WASHINGTON – Colonial Pipeline paid a ransom to hackers after the company fell victim to a sweeping cyberattack, one source familiar with the situation confirmed to CNBC.
A U.S. official, who spoke on the condition of anonymity, confirmed to NBC News that Colonial paid nearly $5 million as a ransom to the cybercriminals.
It was not immediately clear when the transaction took place. Colonial Pipeline did not immediately respond to CNBC’s request for comment. The ransom payment was first reported by Bloomberg.
Earlier on Thursday, President Joe Biden declined to comment when asked if Colonial Pipeline paid the ransom. White House press secretary Jen Pskai told reporters during a briefing that it remains the position of the federal government to not pay ransoms as it may incentivize cybercriminals to launch more attacks.
Last week’s assault, carried out by a criminal cybergroup known as DarkSide, forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the nation’s East Coast fuel supply.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.
On Monday, White House national security officials described the attack as financially motivated in nature but would not say if Colonial Pipeline agreed to pay the ransom.
“Typically that’s a private sector decision,” Anne Neuberger, deputy national security advisor for cyber and emerging technologies, told reporters at the White House when asked about the ransom payment.
Deputy National Security Advisor for Cyber & Emerging Technologies Anne Neuberg speaks about the Colonial Pipeline outage following a cyber attack during the daily press briefing at the White House in Washington, U.S., May 10, 2021.
Kevin Lemarque | Reuters
“We recognize that victims of cyberattacks often face a very difficult situation and they have to just balance often the cost-benefit when they have no choice with regards to paying a ransom. Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them,” Neuberger said.
She added that the FBI has previously warned victims of ransomware attacks that paying a ransom could encourage further malicious activity.
Earlier on Monday, the DarkSide group described its actions as “apolitical” in a statement provided to CNBC by Cybereason.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the group wrote.
“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the statement added.
Biden told reporters on Monday that the U.S. did not currently have intelligence linking the DarkSide group’s ransomware attack to the Russian government.
“So far there is no evidence from our intelligence people that Russia is involved although there is evidence that the actor’s ransomware is in Russia, they have some responsibility to deal with this,” Biden said from the White House on May 10.
He added that he would still discuss the situation with Russian President Vladimir Putin.
The Kremlin has previously denied claims that it has launched cyberattacks against the United States.
On Wednesday, Colonial Pipeline said in an evening statement that it had restored its operations days after it was forced to shut down its entire system due to the cyberattack. The company described its decision to temporarily close pipeline service as a precautionary measure.
“Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” the company added.
The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing hackers to gain access to communications and data in several government agencies.
In April, Washington formally held Russia’s Foreign Intelligence Service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the cyberattack as “the largest and most sophisticated attack the world has ever seen.” Microsoft’s systems were also infected with malicious software.
The Russian government denies all allegations that it was behind the SolarWinds hack.