Colonial Pipeline has cyber insurance arranged by broker Aon, with Lloyd's of London insurers AXA XL and Beazley among the underwriters, three sources told Reuters on Thursday.
Insurance Insider reported the news late on Wednesday, saying the cover was for at least $15 million.
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said.
A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.
A representative from Colonial declined to comment, as did a spokesperson for the National Security Council.
The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.
On Wednesday, media outlets including the Washington Post and Reuters reported that the company had no immediate intention of paying the ransom. Those reports were based on anonymous sources.
Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid — a kind of double extortion.
Deputy National Security Advisor Anne Neuberger on Monday acknowledged that sometimes companies may have no choice but to pay ransoms, telling reporters: “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.”
The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency says. Such guidance provides a quandary for victims who have to weigh the risks of not paying with the costs of lost or exposed records.
A report released last month by a ransomware task force said the amount paid by ransomware victims increased by 311% in 2020, reaching about $350 million in cryptocurrency. The average ransom paid by organizations in 2020 was $312,493, according to report.
Colonial, which operates the largest fuel pipeline in the U.S., became aware of the hack around May 7 and shut down its operations, which led to fuel shortages and lines at gas stations along the East Coast.
Colonial Pipeline has begun to restart the nation's largest fuel pipeline network after a ransomware attack shut the line, triggering fuel shortages and panic buying in the southeastern United States.
The cyberattack halted 2.5 million barrels per day of shipments of gasoline, diesel and jet fuel last Friday after the most disruptive cyberattack ever on U.S. energy infrastructure.
Cyber insurance typically covers ransom payments and insurers often provide staff to negotiate with the hackers, in addition to IT and public relations services.
Colonial Pipeline does not plan to pay the ransom, sources familiar with the company's response told Reuters on Wednesday.
Meanwhile,Swiss Re CEO Christian Mumenthaler has said that he is “not too surprised at all” that cyber criminals were able to successfully target and disrupt the operations of Colonial Pipeline, and warned that key infrastructures remain open to similar hacks.
Asked about the eventual cost and fallout of last week’s attack on the largest fuel pipeline in the US, Mumenthaler told reporters at CNBC that it’s “definitely too early to tell” what the damage is.
However, he noted that these kinds of sophisticated cyber attacks are “increasing constantly,” adding that “critical infrastructure is a problem and we’ve known for years that there are vulnerabilities around that.”
Mumenthaler argues that the private insurance market is simply not large enough to offer full cyber protection to vulnerable organisations, due to the systemic nature of cyber risk.
He observed that the cyber insurance market is currently worth around $5.5 billion in premium, compared to “gigantic” yearly losses that extend into the hundreds of billions of dollars.
“There’s a cyber market that’s very tiny compared to the total exposure,” he told CNBC. “It’s going to grow but only a tiny minority of cyber is actually insured.”
“And I would actually argue that overall the problem is so big it’s not insurable,” Mumenthaler continued. It’s just too big. Because there are events that can happen at the same time everywhere that are much more worrying than what you just saw.”
Analysts at McGill & Partners said earlier this week that the attack on Colonial Pipeline should serve as a “wakeup call to organisations all over the world.”
Colonial is currently faced with an extended period of disruption as it clears the ransomware hack from its system or costly negotiations with the attackers, and other firms could easily find themselves in a similar position, Head of Cyber Shannan Fort said.
Colonial Pipeline began to slowly restart the nation's largest fuel pipeline network on Wednesday after a ransomware attack shut the line, triggering fuel shortages and panic buying in the southeastern United States.
It will take several days for the 5,500 mile (8,850 km) pipeline to return to normal operations, Colonial said, even as motorists in southeastern states jammed stations seeking fuel. A return to ample supplies could take two weeks, analysts said.
The cyberattack halted 2.5 million barrels per day of shipments of gasoline, diesel and jet fuel last Friday after the most disruptive cyberattack ever on U.S. energy infrastructure. Sources familiar with Colonial's response said the company does not plan to pay the ransom demanded by hackers who encrypted data on the pipeline.
Colonial said it was working with cybersecurity experts to investigate the attack and had taken additional security measures before beginning the restart. The company said its control center is handling the restart of the pipeline, which stretches from refineries on the U.S. Gulf Coast to consumers in Mid-Atlantic and Southeast states. The supply crunch sparked panic buying in the U.S. Southeast, bringing long lines and high prices at gas stations ahead of the peak summer driving season.