{"id":40862,"date":"2021-05-13T17:44:11","date_gmt":"2021-05-13T17:44:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/"},"modified":"2021-05-13T17:44:11","modified_gmt":"2021-05-13T17:44:11","slug":"ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/","title":{"rendered":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report"},"content":{"rendered":"<p>Colonial Pipeline&#8217;s operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week&#8217;s ransomware infection.<\/p>\n<p>News of the payoff was <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-05-13\/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom\">broken<\/a> by Bloomberg \u2013 which not only cited anonymous sources but also mocked other news outlets&#8217; anonymous sources for saying earlier this week that the American pipeline operator would never pay the ransom.<\/p>\n<p>&#8220;On Wednesday, media outlets including the Washington Post and Reuters reported that the company had no immediate intention of paying the ransom. Those reports were based on anonymous sources,&#8221; gloated Bloomberg, while avoiding describing its unnamed &#8220;people familiar with the company&#8217;s efforts&#8221; in the same terms.<\/p>\n<p>Media braggadocio aside, the Colonial Pipeline Company of Georgia is said to have paid $5m as a ransom to regain control of its systems. Bloomberg claimed, citing its familiar-yet-anonymous sources, that the decryption utility supplied by the criminals following this payment was so slow in operation that Colonial continued restoring its systems from backups, as it has been since the weekend.<\/p>\n<p>Restoring from good, working backups isn&#8217;t such a bad idea, because you should wipe infected computers and start afresh anyway, just in case the ransomware hid something nasty on the file systems.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,leaderboard,\" data-xlg=\",fluid,superleaderboard,billboard,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Speculation abounded as to precisely what led to the shutdown of the pipeline on Friday, May 7 though the most likely explanation is that rather than compromising the operational technology (OT) controlling the pipeline&#8217;s pumps and valves, the ransomware KO&#8217;d back-office systems used for monitoring oil flows and generating billing records based on those flows.<\/p>\n<p>If you can pump oil but can&#8217;t tell who you&#8217;re pumping it to or how much they&#8217;re taking, your oil-as-a-service business will miss out on significant profits and your engineers will rapidly lose sight of how much wear and tear safety-critical systems are enduring. Hence the shutdown.<\/p>\n<p>The Colonial Pipeline says it carries 100 million gallons a day of refined fuels between Houston, Texas, and New York Harbor, or 45 percent of all fuel needed on the United States&#8217; East Coast. The pipeline carries fuel for cars and trucks, jet fuel, and heating oil, and there are <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.usatoday.com\/story\/money\/2021\/05\/12\/gas-shortages-colonial-pipeline-attack-affect-you\/5054294001\/\">reports<\/a> of gasoline shortages. Today, the biz said it had restarted operations on Wednesday evening, and is now making &#8220;substantial progress&#8221; in delivery supplies to markets.<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"9\"><a href=\"https:\/\/regmedia.co.uk\/2021\/05\/13\/colonial_pipeline_website.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2021\/05\/13\/colonial_pipeline_website.jpg?x=648&amp;y=353&amp;infer_y=1\" alt=\"The Colonial Pipeline company's website was offline at the time of writing, returning this error message\" title=\"The Colonial Pipeline company's website was offline at the time of writing, returning this error message\" height=\"353\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">The Colonial Pipeline company&#8217;s website was offline at the time of writing, returning this error message. Click to enlarge if this interests you that much<\/p>\n<\/div>\n<p>Brett Callow of specialist anti-ransomware firm Emsisoft told <i>The Register<\/i> that the reported payoff was relatively small, saying: &#8220;The highest demand to have become publicly known is $50m and, given the massive disruption this incident is causing and its cost implications, $5m seems surprisingly modest. Still, if it really has been paid, it&#8217;ll certainly help keep critical infrastructure in the ransomware gangs&#8217; crosshairs. If a sector proves to be profitable, they&#8217;ll attack it again and again and again.&#8221;<\/p>\n<p>Colonial was <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/05\/13\/colonial_pipeline_hiring_cybersecurity_manager\/\" rel=\"noopener noreferrer\">hiring<\/a> a new cybersecurity manager a month ago. Whoever gets that gig probably has a very interesting few days ahead of them.<\/p>\n<p>The ransomware gang operates under the moniker Darkside and is tracked by Western infosec companies under at least a dozen different names. It is said to have been active since August last year and to have been responsible for around 80 compromises so far. When the pipeline stopped last week, and the FBI <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.fbi.gov\/news\/pressrel\/press-releases\/fbi-statement-on-compromise-of-colonial-pipeline-networks\">got involved<\/a>, the Russian-speaking criminals behind the crew issued a statement via their Tor-hosted blog claiming they were just doing business and had no ulterior motive.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Translated, this seems to have been a desperate plea to the powers-that-be in their Russian-speaking homeland not to track them down and send them to the gulag for triggering international attention after knocking out a piece of critical technology supplying the US East Coast&#8217;s liquid hydrocarbon needs. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/05\/13\/colonial_pipeline_ransom\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Anonymous sources get into war-by-media counterbriefing Colonial Pipeline&#8217;s operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week&#8217;s ransomware infection.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-40862","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-13T17:44:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report\",\"datePublished\":\"2021-05-13T17:44:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/\"},\"wordCount\":659,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/\",\"name\":\"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-05-13T17:44:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/","og_locale":"en_US","og_type":"article","og_title":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-13T17:44:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report","datePublished":"2021-05-13T17:44:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/"},"wordCount":659,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/","url":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/","name":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-05-13T17:44:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJ2c6Joh33UCNxd3GBbHZgAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/ransomware-victim-colonial-pipeline-paid-5m-to-get-oil-pumping-again-restored-from-backups-anyway-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway \u2013 report"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40862"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40862\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}