Affiliates working with the DarkSide group were blamed by the FBI for the attack, which forced operational systems offline — leading to major fuel shortages across much of America and rising prices for several days.

Colonial Pipeline CEO, Joseph Blount, reportedly admitted that the decision was not taken lightly but was done in the national interest.

“Tens of millions of Americans rely on Colonial: hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public,” a spokesperson confirmed to The Guardian.

It’s report revealed that rapid action from Colonial’s IT team to shut down systems following the incursion, prevented the malware’s spread to operational controls.

However, the payment was apparently made as the firm didn’t know the extent of the damage or the group’s footprint inside its network.

Americans are still being affected by the incident. Although the pipeline was only out-of-action for five days, restarting on May 12, it warned on Tuesday, “it will take some time for the fuel supply chain to fully catch-up.”

Colonial Pipeline continues to make substantial progress in safely moving other’s product throughout our pipeline system. We can now report that we are transporting refined products (gasoline, diesel and jet fuel) at normal levels and are fully operational.

— Colonial Pipeline (@Colpipe) May 17, 2021

It will take some time for the fuel supply chain to fully catch-up. However, at this time, the Colonial pipeline system is fully operational.

— Colonial Pipeline (@Colpipe) May 17, 2021

Experts welcomed the company’s openness in talking about the incident.

“No company or CEO should be shamed for this. Instead, we should learn from these incidents to understand how attackers got in, what data was actually returned and what could have been done differently to secure a different outcome,” argued Lewis Jones, threat intelligence analyst at Talion.

“Attackers collaborate on their attacks, and the only way to get ahead of them is to collaborate on our defenses.”

Edgard Capdevielle, CEO of Nozomi Networks, added that ransomware breaches are rapidly becoming a case of “when, not if” for organizations.

“Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he added.

However, criticism has been leveled in the past at organizations that pay ransomware groups, as it’s seen as perpetuating the problem by encouraging more attacks.

on May.13 — Dan Brouillette, former Energy Secretary from 2019 to 2021, says Colonial Pipeline should not have paid a $5 million ransom to hackers that took control of its pipeline. He speaks on “Balance of Power,” and many agree.

Source: May 12, 2021 Interview | Bloomberg Politics