“This is not like flicking on a light switch,” he said, noting that Colonial’s pipeline had never before been shut down.
Colonial has not shared many details about the incident, or why it was necessary to shut down the pipeline, which other operators sequester from their business operations for safety. Cybersecurity experts have said the attack and its fallout demonstrated a lack of cyber resilience and planning.
Kim Zetter, a cybersecurity journalist, first reported that Colonial had shut down its pipeline partly because its billing systems were taken offline and it had no way to charge customers.
Many organizations across the United States, including police departments, have opted to pay their ransomware extortionists rather than suffer the loss of critical data or incur the costs of rebuilding computer systems from scratch.
In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members and social media preservation requests.
“This is an indicator of why we should pay,” the hackers, called Babuk, said in a post online. “The police also wanted to pay us, but the amount turned out to be too small. Look at this wall of shame,” they wrote, “you have every chance of not getting there. Just pay us!”
Julian E. Barnes contributed reporting.
Article source: https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html