UPDATED 22:47 EDT / MAY 13 2021

As East Coast suffers gas shortages, Colonial Pipeline reportedly paid $5M ransom

The Colonial Pipeline Co. ransomware story has taken a new twist, as the company reportedly paid the ransom following a ransomware attack last Friday.

Despite claiming that it would be more careful in the future and not target companies in ways that cause “problems for society,” the DarkSide ransomware group came out the winner of an apparent $5 million ransom.

Bloomberg reported today that Colonial paid the ransom on Friday, the same day the pipeline firm reportedly first detected the ransomware attack, despite earlier claims by the company that it would not pay up. The report also said Colonial made the ransom payment using a “difficult-to-trace cryptocurrency” — likely Monero — hours after it detected the attack. According to the report, Colonial knew what would happen if it didn’t pay up.

Presuming the report is right, the Biden administration also knew that Colonial paid the ransom. U.S. President Joe Biden signed a cybersecurity-related executive order Wednesday that aims to strengthen cybersecurity defenses, although it would arguably not have made a difference to Colonial Pipeline had it come a week or even a year earlier.

The Bloomberg report added that DarkSide did provide a decryption tool after the ransom was paid, but the tool was so slow that the company continued using its own backups to help restore its systems.

“Paying the ransom is sometimes an option but it is high risk,” Charles Brook, threat intelligence specialist at enterprise email security software provider Tessian Ltd., told SiliconANGLE. “You should always work with a security consultant to advise on the whole process and handle the negotiations — ideally have one on retainer — and you should inform law enforcement.”

For most ransomware, he added, it’s in the attackers’ interest to provide decryption keys upon receiving payment. “This means they maintain a good reputation, which can promote further payouts by other victims and lead to increased financial gain for the attacker,” he said.

Brook also said there’s a risk that if data was stolen, ransomware gangs may ask for more money. “Sometimes, you may never receive a decryption key and attackers will just continue to ratchet up the price to see how much they can get from you,” he said.

Photo: WadeB/Flickr
