BBC

A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack.

Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US. CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.

Colonial said on Thursday that it would not comment on the issue. On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang.

Price impact

Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.

The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.

The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.

The average price per gallon hit $3.008 (£2.14) – the highest level seen since October 2014, according to the Automobile Association of America.

US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.

According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.

Toshiba cyber-attack

Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.

However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event. It said it had put protective measures in place immediately after the attack.

In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.

Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia.

‘Our goal is to make money’

Cyber-security firms told the BBC that DarkSide operates by infiltrating an organisation’s computer network and stealing sensitive data.

Typically, a day later the hackers will make themselves known, announcing that they have encrypted all the data in the network and are prepared to leak it onto the internet and delete it, if they are not paid a ransom by a certain deadline.

DarkSide operates by making the software used to execute this attack and then training affiliates to use it, who then give the gang a cut of the ransoms they take.

Following concerns the Colonial cyber-attack was caused by nation-state hackers with a political motive, DarkSide posted on its website: “Our goal is to make money and not creating problems for society.”

The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates and intended to “introduce moderation and check each company” its partners want to encrypt, “to avoid social consequences in the future”.

On Friday, Reuters reported that DarkSide’s website on the dark web was no longer accessible.

Colonial Pipeline’s website also continues to be offline.