News outlets are reporting that Colonial Pipeline paid nearly $5 million to Russian hackers responsible for the attack on Colonial's pipeline network.
The hacking group, known worldwide as The DarkSide and apparently originating from Eastern Europe, has told hacking associates that it is shutting down, according to security research firms. Its website has been down since last Thursday.
Colonial Pipeline, with help from private sector cyber security experts and US government officials, managed to retrieve the most important data that was stolen, according to a person familiar with the response. The person said at least some of the data was retrieved not from the hackers, but by leveraging the attackers' use of intermediary servers within the United States to store the stolen information.
Meanwhile, new details are emerging about Colonial's decision to proactively shut down its pipeline last week, a move that has led to panic buying and massive lines at gas pumps. The company halted operations because its billing system was compromised, three people briefed on the matter told CNN, and it was concerned it wouldn't be able to figure out how much to bill customers for fuel they received.
One person familiar with the response said the billing system is central to the unfettered operation of the pipeline. That is part of the reason getting it back up and running has taken time, this person said.
Asked about whether the shutdown was prompted by concerns about payment, the company spokesperson said, "In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems."
At this time, there is no evidence that the company's operational technology systems were compromised by the attackers, the spokesperson added.