When it comes to ransomware, you don’t always get what you pay for.
Colonial Pipeline, which operates more than 5,500 miles of fuel pipelines in the United States, found that out the hard way this week. It reportedly forked over almost $5 million worth of bitcoin to the hacking group that forced the company to proactively shut down its systems. But the company ended up using its own backups to restore operations anyway, according to Bloomberg.
The decryption software provided by the hacking group DarkSide, notes Bloomberg, was reportedly “so slow” that Colonial Pipeline “continued using its own backups to help restore the system.”
Ransomware is malware that encrypts victims’ computers and demands payment in exchange for the decryption key. Bloomberg reports that Colonial Pipeline paid the almost $5 million ransom on Friday (the price of bitcoin has dropped since late last week) — in other words, almost immediately after it says it detected the infection.
Nicole Perlroth, a noted cybersecurity reporter for the New York Times, confirmed that the payment was 75 bitcoin — although she reports that the payment was made Monday, not Friday.
Can confirm that Colonial Pipeline paid its extortionists 75 Bitcoin on Monday- nearly $5 million- to recover stolen data.
— Nicole Perlroth (@nicoleperlroth) May 13, 2021
On Monday, with gasoline panic buying in the news and the White House getting involved, DarkSide released a statement insisting that it never meant to make such a mess of things.
SEE ALSO: How to blur your house on Google Street View (and why you should)
“Our goal is to make money,” read the statement in part, “and not creating problems for society.”
DarkSide, according to its website, makes that money various ways. In addition to ransomware, it also threatens to leak companies’ data to third parties (including short sellers) unless additional payment is made.
On Thursday, Colonial Pipeline announced that its systems were back up and running — with very little thanks, it would seem, to that payment of 75 bitcoin.