Colonial Pipeline Pays Hackers $5M In Bitcoin To Restore Services As DarkSide Drops Off The Face Of The Internet Without A Trace
News of the Colonial Pipeline ransomware hack and the ensuing gas shortage has been everywhere in headlines this week as people attempt to learn more about the mysterious hacker group DarkSide. Late yesterday, Colonial Pipeline reportedly paid the hackers about $5 million in Bitcoin to regain access to their systems, sparking controversy online.
Contradicting reports earlier this week that the company had zero intention of paying an extortion fee, Bloomberg reported that “two people familiar with the transaction” and a third person “familiar with the situation said U.S. government officials are aware that Colonial made the payment.” Upon receiving payment, DarkSide then allegedly gave Colonial a “decrypting tool” to restore its disabled computer network.
Unsurprisingly, much of the ensuing discussion revolved around people being flabbergasted that Colonial would negotiate with the hacking group, let alone pay them.
The FBI’s stance on such cyberattacks is to discourage any organization from paying hackers ransom money, citing concerns that payment bolsters the confidence of other groups to attempt similar attacks, and also because the hackers could simply take the money and run without ever following through. The FBI said the hackers behind this particular cyberattack are linked to a cell in Russia or Eastern Europe that specializes in digital extortion.
Interestingly, earlier today DarkSide reportedly stated that it would be shutting down amid news of the payment. It seems that the payoff resulted in some sort of sudden decision within the group to go into hiding; the group later told other hacking associates that it had lost access to the infrastructure it uses to run its operation and would be shutting down. According to security firms FireEye and Intel 471, DarkSide cited pressure from law enforcement and from the U.S. following the attack among its reasons.
The group also claimed that the cryptocurrency payment was withdrawn from DarkSide’s payment server and transferred to an unknown wallet, so whether or not they actually received the 75 Bitcoins remains unknown.
According to the Wall Street Journal, security experts state that cybercriminal groups like DarkSide often disband and return under different names, so its claims might not be entirely accurate.