Colonial Pipeline Restarts, Reportedly Paid Hackers $5 Million

The company says that it would still take several days for the system to be fully operational.

Colonial Pipeline restarted operations late Wednesday afternoon, following a shutdown initiated after a ransomware attack. However, the company says that it would still take several days for the system to be fully operational.

“Following this restart it will take several days for the product delivery supply chain to return to normal,” Colonial said in a statement. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” the company added.

Reports came out Thursday morning that Colonial Pipeline paid the hackers $5 million:

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment, as did a spokesperson for the National Security Council.

Several areas along the East Coast are struggling with shortages.

…[P]rice gougers in Virginia have been busted charging up to $6.99 per gallon, and police in Charlotte are warning residents to ‘limit non-essential travel’ as more than 70 percent of gas stations in the city run dry.

In metro Atlanta, more than 60 percent of gas stations had no fuel on Wednesday, and the rate exceeded 70 percent in Raleigh, North Carolina and Pensacola, Florida.

The impact of the crisis is rippling across the country, with the national average price of gas exceeding $3 for the first time since 2014, after the Colonial Pipeline was disabled by a Russian ransomware attack on Friday.

The shortages are bound to affect the already high prices on the West Coast as well.

“It will be more regional, so really impacting drivers in the South East, mostly, and on the East Coast. But of course whenever there is a major shutdown of a system somewhere in the country, we could feel some of the impact here in California,” said Doug Shupe with Auto Club of Southern California.

Gas prices have already been rising steadily in SoCal as gas stations had to switch to the summer blend, which is required in California, back on April 1. That tacked an extra 15-20 cents onto every gallon of gas. In addition, demand has driven prices up as well.

Until the supply chain is sorted out, Americans will use gallows humor, memes, and hashtags to help get them through shortages.

Comments

What is the definition of warfare?

It has been said elsewhere: “Jimmy Carter II would be a best case scenario”

    Ben Kent in reply to Romey. | May 13, 2021 at 1:29 pm

    I thought the same.

    Forget the references to FDR or to Barack 2.0

    > Biden is more like a cognitively-impaired version of Jimmy Carter

      TargaGTS in reply to Ben Kent. | May 13, 2021 at 1:51 pm

      And substantively less honest. Jimmy Carter was an idiot with horrible ideas. But, at his core, he was a good person and meant well.

      Biden is a liar and has been a liar his entire life and the only thing Biden ever wanted to be was powerful.

I have a fairly sophisticated computer system that manages a CNC lathe, mill, 3D printer, and other digital equipment in my shop. The system IS NOT linked to the internet. Updates/upgrades are purchased in person from time to time by me, loaded into a separate test laptop, and then fed into the permanent system after testing.

Perhaps someone with more specific knowledge of fuel pipeline systems can explain to me why this is not the case with such imperative and potentially vulnerable systems.

My shop systems are isolated from any external network, and cannot be compromised, even when updating through the secure test laptop/buffer. Basically, why is the fuel pipeline, “online”?

    MattMusson in reply to SField. | May 13, 2021 at 12:57 pm

    Joe got the Pipeline restarted just as soon as Colonial agreed to kick back 10% for the Big Guy.

      SField in reply to MattMusson. | May 13, 2021 at 1:10 pm

      Given Hunter Biden’s extensive experience with pipes and lines, the Big Guy should have had him handle the crisis.

      nordic_prince in reply to MattMusson. | May 13, 2021 at 7:39 pm

      Plot Twist: The Biden Crime Family Inc. hired hackers to bring the system down, promising them 50% of the ransom – if they live long enough to enjoy their cut.

    Think38 in reply to SField. | May 13, 2021 at 1:05 pm

    Suppose for a minute you found out hackers were inside your main computer system, and you believe them to have been in your system for some time. While you sort through your main system, what would you do with your separate system that runs your shop? Would you continue to use it? Or would you shut down while testing it to find out if hackers were in that system too?

    I’m with you that the internet is a wonderful tool, but some things should not be connected to it, and an airgap is desirable.

    The Friendly Grizzly in reply to SField. | May 13, 2021 at 1:09 pm

    Simple. They took the lazy way. I’d fire the lot of them.

    TargaGTS in reply to SField. | May 13, 2021 at 1:54 pm

    Cost. It all comes down to the expense of building and maintaining a private computer network versus the expense of building your critical infrastructure on the backbone of the public internet.

    I suspect that they could pay a $5M ransom several times a year (maybe a dozen times a year or more) and it would still be cheaper than building a competent intranet to manage the tasks they have to manage over the distances covered by the pipeline itself.

      JusticeDelivered in reply to TargaGTS. | May 13, 2021 at 3:05 pm

      What is the incremental cost of running private com lines with the pipeline?

        TargaGTS in reply to JusticeDelivered. | May 13, 2021 at 4:29 pm

        If it were as easy as just burying some cable with the pipeline, it likely wouldn’t be that great an expenditure as a percentage of the total project cost. Unfortunately, it’s not that easy. It would be a regulatory nightmare to bury that much cable, coax or fiber-optic, near the pipeline itself.

    Lucifer Morningstar in reply to SField. | May 13, 2021 at 2:26 pm

    > Perhaps someone with more specific knowledge of fuel pipeline systems can explain to me why this is not the case with such imperative and potentially vulnerable systems

    > Basically, why is the fuel pipeline, “online”?

    Because it is easier (and quite a bit less expensive) to hook the entire thing up to the internet using a SCADA (Supervisory control and data acquisition) system and run the pipeline from a single, remote office than it would be to actually hire the numbers needed to man the entire length of the pipeline.

    And if you think this was bad, just wait until the national electric grid is hacked. The PTB run that on the same principles as they do the oil/gasoline pipeline infrastructure. And as we’ve just seen there is very little network security involved with the whole thing.

    daniel_ream in reply to SField. | May 14, 2021 at 1:10 am

    Disclaimer: I am currently a software engineer and at various points in my career have been a system administrator, network administrator, and Director of IT for various sized companies in a number of market sectors.

    Your practices and policies are more secure than nearly all the companies I have ever worked for, interacted with, or had business relations with. Nobody, absolutely nobody, cares about operational security on their network until something happens; and then they will do just enough to make the lawyers/investors happy until they stop bitching.

    It’s a very real problem, and one that is not going away because people with the authority to do anything about it will not learn.

SeiteiSouther | May 13, 2021 at 12:02 pm

One of three things:

1) Their firewall was so shitty/nonexistent that the hackers made it through.

2) An employee broke security protocol and either hooked up their device to the network or used the network to surf the web/check email and they got in.

3) An employee deliberately allowed the hackers access, for a cut of the ransom.

Any way you look at it, somebody (or several somebodies) got fired. They put up a call for a Cybersecurity manager.

My thought was, “You didn’t have one before???”

    The Packetman in reply to SeiteiSouther. | May 13, 2021 at 12:11 pm

    My guess is #2 … the vector that’s least controllable.

    SField in reply to SeiteiSouther. | May 13, 2021 at 12:23 pm

    Makes sense. As a solo operation not connected to a network, I’m fortunately free of those three possibilities.

    Going to agree with The Packetman as well. #2 Sounds like the hardest factor to police and control.

      SeiteiSouther in reply to SField. | May 13, 2021 at 3:12 pm

      My gut is #2 as well. #1 & #3 are far fetched, but not out of the realm of possibility. Human error is the most likely.

    daniel_ream in reply to SeiteiSouther. | May 14, 2021 at 1:12 am

    #2. Guaranteed. Not that it’s terribly hard to lock out any of that stuff, but the company has to care, and none of them do.

Energy Secretary Jennifer Granholm said that if everybody in the US was driving electric cars, they would not be affected by the Colonial Pipeline shutdown.

Yes, but then the power grid would be shut down because there is not enough electricity in the US to charge 250 million cars. And there are not enough public charging stations to charge 1 percent.

    TargaGTS in reply to UserP. | May 13, 2021 at 1:55 pm

    It’s also quixotic to believe that the same thing that happened to the petrol infrastructure couldn’t happen to our electric grid. Of course it could.

    Sanddog in reply to UserP. | May 13, 2021 at 2:21 pm

    And planes wouldn’t be flying since colonial also transports jet fuel.

    gibbie in reply to UserP. | May 13, 2021 at 6:15 pm

    I had to look this up for myself because I could not believe that anyone could be such a complete idiot.

    Granholm is such a complete idiot.

I hope they can trace the money and apprehend the hackers

    UserP in reply to geronl. | May 13, 2021 at 12:15 pm

    The “Russian” hackers probably operate out of a lab in Wuhan.

    gonzotx in reply to geronl. | May 13, 2021 at 1:26 pm

    Can’t untraceable Bitcoin

      bigskydoc in reply to gonzotx. | May 13, 2021 at 2:23 pm

      What do you mean by this?

        gonzotx in reply to bigskydoc. | May 13, 2021 at 5:23 pm

        Heard it on Rush. These guys aren’t dumb

          bigskydoc in reply to gonzotx. | May 14, 2021 at 10:17 am

          I just don’t understand what you mean by “Can’t untraceable Bitcoin.” Read as written, you are correct. You cannot make Bitcoin untraceable. The blockchain is immutable, and the location of the Bitcoin paid can be seen on any of over 100,000 computer nodes. They could wash it through something like Monero, but I suspect that is actually an NSA project, and it only provides the illusion of anonymity.

          If you mean can’t trace it because it is Bitcoin, refer to paragraph one. Bitcoin is the most traceable currency in existence. Cash is far more untraceable.

Halcyon Daze | May 13, 2021 at 12:15 pm

Has anyone noticed the Bloomberg story used ‘people or persons familiar with’ seven times and direct quoted as few people by name as humanly possible?

    gibbie in reply to Halcyon Daze. | May 13, 2021 at 6:18 pm

    A fourth person unfamiliar with the situation told me that the third person familiar with the situation is a pathological liar.

My guess is laziness. Instead of having terminals along the closed network, they just hook it all up to the interwebz and manage it from an office.

    JusticeDelivered in reply to Dathurtz. | May 13, 2021 at 1:01 pm

    I wrote programs to run industrial production lines and process control. More than half the effort in that job was to anticipate both stupidity and intentional sabotage. Whoever designed the system was incompetent.

The funny thing is that the pipeline has a right of way. Laying a fiber optic cable along the pipeline would be a no-brainer. All computers controlling something this critical should be off the internet.

The question now becomes, did anybody learn anything? If they did and energy companies are quietly switching to isolated networks, the lesson will turn out to be cheap. If they’re not doing this, I expect the success of these criminals to encourage more criminals to try the same, and this attack will be the first of many.

Reliability. Security. Cost-effective. Pick any two.

In dealing with cyber-security, every place your control system touches the outside world is a giant festering security nightmare that changes every day. Isolate it to a perfectly private network and nobody can access it to do things like emergency shutdowns. Use security keys and one of them will invariably leak out or even worse, they will expire at the worst possible time and shut down the whole ball of fail. Use an instant-restore backup system and the little creeps will infiltrate and demolish the backups.

    Sonnys Mom in reply to georgfelis. | May 13, 2021 at 3:07 pm

    Talk radio listeners often hear ads from this company. Looks like they’ve added ransomware detection/protection and systems restoration to their suite of services. What surprises me as a non-IT person is how in today’s risk environment, any company can assume “it’ll never happen to us.”
    https://www.barracuda.com

    CommoChief in reply to georgfelis. | May 13, 2021 at 7:26 pm

    George is preaching the TRUTH. That is the set of trade-offs in the real world. I can’t count the number of times I have had to explain that simple fact to bean counters and execs who close their eyes and defer decisions in the hope the problems simply disappear.

Not only is the administration aware they paid ransom, it’s very likely they told them to pay the ransom. Can’t have the old senile bastard look bad, can we?

Subotai Bahadur | May 13, 2021 at 5:59 pm

1) Danegeld
2) There is only one way to stop it. It unavoidably requires a pile of dead bodies no matter where they run to. It can be accumulated by either SpecOps or private contractors.

Subotai Bahadur

    CommoChief in reply to Subotai Bahadur. | May 13, 2021 at 6:10 pm

    Subotai,

    Exactly. Paying out only invites more attacks.

    How about every ISP and everyone operating servers adequately secures their devices and cooperates with efforts to track down intrusions? Then put a hellfire or tomahawk into the physical location of the IP or chain of unsecured IPs?

    Won’t be pretty but it would work.

You misspelled “cia”