While American doctrine is not to negotiate with terrorists, things are evidently different with cybercriminals. The boss of the US oil pipeline operator Colonial Pipeline said in an interview with the Wall Street Journal that he authorized the payment of a ransom of $4.4 million to the hackers who carried out a cyberattack on its network in early May. “I know it was a very controversial decision (…) I admit that I was not comfortable with seeing money evaporate and go to such people,” said Joseph Blount. “But it was the right thing to do for the country,” he told the daily.
The payment of a ransom had been mentioned by several American media in recent days, but Colonial Pipeline had so far not confirmed this information.
Joseph Blount, however, did not give details on the conduct of negotiations and the method of settlement.
Several sources claimed that the ransom was paid in bitcoins.
The head of Colonial Pipeline, who has led the company since 2017, defended his decision, believing that it was the most effective way for his group to restart its operations.
Back to normal
The company, which transports nearly half of America's petroleum products from the Gulf of Mexico to the east coast of the United States, was hit on May 7 by ransomware, a program that exploits security holes to encrypt the data on computer systems and demand a ransom to unlock them.
According to the US police, the DarkSide cybercriminal group, which is believed to be based in Russia or in countries of the former USSR, is behind the attack.
This forced the operator, whose network includes more than 8,800 kilometers of pipelines transporting fuel, to suspend all of its operations, which had never happened before.
Last Saturday, Colonial Pipeline announced a return to normalcy of its operations.
According to cybersecurity firm Recorded Future, the hacker who demanded a ransom from Colonial Pipeline admitted that his DarkSide group had lost access to several of the servers used to host its blog or receive payments.
The DarkSide site, reachable through the Tor browser on the dark web, the underground version of the Internet, was inaccessible on Friday morning.
"A few hours ago, we lost access to the public part of our infrastructure, namely our blog, our payment server and our DoS servers," a hacker using the pseudonym Darksupp wrote in an article quoted by Recorded Future.
Darksupp also indicated that cryptocurrency funds, used to pay ransoms demanded by the hacker group, had been withdrawn.
Joe Biden had promised an American response, while remaining vague about it.
A Recorded Future analyst, however, believes that DarkSide's confession may be a subterfuge allowing the group to shut down its infrastructure itself to avoid having to pay its associates.
Kimberly Goody, head of financial crime analysis at Mandiant, a subsidiary of US cybersecurity giant FireEye, said in a statement to AFP that her company "was unable to independently validate the claims" about the dismantling of DarkSide.