The Colonial Pipeline facility in Pelham, Alabama, was hit by a cybersecurity attack last week, forcing its operators to shut down its systems.
Early this week, the U.S. Federal Bureau of Investigation confirmed that the Colonial Pipeline was shut down due to a cyber attack performed by the Darkside ransomware gang.
Multiple media outlets reported that the company had initially refused to pay the ransom. However, the quick restoration of operations is suspicious and suggests that the operators of the Colonial Pipeline have paid the ransom.
According to the New York Times, Colonial Pipeline paid the hackers almost $5 million worth of cryptocurrency to get a decryption key to help them restore the encrypted files. As the tool was too slow, the company used its backups to restore the systems.
Colonial Pipeline made the ransom payment of roughly 75 Bitcoins to the DarkSide hacking group after the cybercriminals last week held up the company’s business networks with ransomware and threatened to release it online.
According to the media, after obtaining the decryption key, the company used it along with its backup system to quickly restore the impacted systems and resume pipeline operations.