Colonial Pipeline ransomware attack

<h2 id="background">Background</h2>
The pipeline network operated by Colonial Pipeline carries gasoline, diesel, and jet fuel from <a href="/facts/Texas/B987WHF0">Texas</a> to <a href="/facts/New_York_(state)/mnl67G1G">New York</a>. About 45% of all fuel consumed on the East Coast arrives via the pipeline system.<a class="footnote-ref" id="fnref:19" href="#fn:19">19</a> The attack occurred amid rising concerns about the vulnerability of <a href="/facts/Critical_infrastructure/p0QG0R1h">critical infrastructure</a> to cyberattacks, following several high-profile incidents, such as the 2020 <a href="/facts/SolarWinds_hack/3Y1q1fWl">SolarWinds hack</a>, which affected multiple U.S. federal government agencies, including the Departments of Defense, Treasury, State, and <a href="/facts/Homeland_security/Uz6ITRXM">Homeland Security</a>.<a class="footnote-ref" id="fnref:20" href="#fn:20">20</a><a class="footnote-ref" id="fnref:21" href="#fn:21">21</a>

<h2 id="attack">Attack</h2>
The attackers gained access to the system using a compromised password for an inactive <a href="/facts/Virtual_private_network/HX1WUQ3E">virtual private network</a> (VPN) account, which did not have <a href="/facts/Multi-factor_authentication/186gpx8R">multi-factor authentication</a> enabled.<a class="footnote-ref" id="fnref:22" href="#fn:22">22</a><a class="footnote-ref" id="fnref:23" href="#fn:23">23</a> 

<h2 id="consequences">Consequences</h2>

The attack primarily targeted the company's billing infrastructure. However, the oil pumping systems remained operational. According to CNN sources within the company, the inability to bill customers was cited as the reason for halting pipeline operations.<a class="footnote-ref" id="fnref:24" href="#fn:24">24</a> Colonial Pipeline reported shutting down the pipeline as a precaution, citing concerns that hackers might have accessed information enabling further attacks on vulnerable infrastructure. The day after the attack, Colonial Pipeline stated it could not confirm when the pipeline would resume normal operations.<a class="footnote-ref" id="fnref:25" href="#fn:25">25</a> The attackers stole nearly 100 gigabytes of data and threatened to release it online if the ransom was not paid.<a class="footnote-ref" id="fnref:26" href="#fn:26">26</a> Reports indicated that within hours of the attack, the company paid a ransom of nearly 75 <a href="/facts/Bitcoins/UJvqfray">Bitcoins</a> ($4.4 million USD) in exchange for a decryption tool. However, the tool was reportedly slow, and the company's business continuity measures proved more effective in restoring operations.<a class="footnote-ref" id="fnref:27" href="#fn:27">27</a><a class="footnote-ref" id="fnref:28" href="#fn:28">28</a>
On May 9, Colonial stated they planned to substantially repair and restore the pipeline's operations by the end of the week.<a class="footnote-ref" id="fnref:29" href="#fn:29">29</a>
In response to fuel shortages at <a href="/facts/Charlotte_Douglas_International_Airport/5xxxR0QK">Charlotte Douglas International Airport</a> following the pipeline shutdown, <a href="/facts/American_Airlines/lpwGQXER">American Airlines</a> temporarily adjusted its flight schedules.<a class="footnote-ref" id="fnref:30" href="#fn:30">30</a> At least two flights, to <a href="/facts/Honolulu/DF2WutFs">Honolulu</a> and <a href="/facts/London/KozCCsy9">London</a>, required additional fuel stops or plane changes over a four-day period. The shortage also led <a href="/facts/Hartsfield%E2%80%93Jackson_Atlanta_International_Airport/ev2ekh61">Hartsfield–Jackson Atlanta International Airport</a> to rely on alternative fuel suppliers. At least five other airports were also directly affected by the pipeline shutdown.<a class="footnote-ref" id="fnref:31" href="#fn:31">31</a>
Fuel shortages emerged at <a href="/facts/Filling_station/8tKyIht7">filling stations</a>, exacerbated by <a href="/facts/Panic_buying/Ve46NE7k">panic buying</a>, as the pipeline shutdown entered its fourth day.<a class="footnote-ref" id="fnref:32" href="#fn:32">32</a><a class="footnote-ref" id="fnref:33" href="#fn:33">33</a> Fuel shortages were reported in <a href="/facts/Alabama/1Xk8EveN">Alabama</a>, <a href="/facts/Florida/cF245A3Q">Florida</a>, <a href="/facts/Georgia_(U.S._State)/KKnTDY6F">Georgia</a>, <a href="/facts/North_Carolina/VhKNTULI">North Carolina</a>, and <a href="/facts/South_Carolina/lQQX84IS">South Carolina</a>.<a class="footnote-ref" id="fnref:34" href="#fn:34">34</a> The most affected areas ranged from northern South Carolina to southern Virginia. In Charlotte, 71% of filling stations were out of fuel by May 11,<a class="footnote-ref" id="fnref:35" href="#fn:35">35</a> while in <a href="/facts/Washington,_D.C./enXPK156">Washington D.C.</a>, 87% of stations had run out by May 14.<a class="footnote-ref" id="fnref:36" href="#fn:36">36</a> Average fuel prices rose to their highest level since 2014, exceeding $3 per gallon.<a class="footnote-ref" id="fnref:37" href="#fn:37">37</a>
Experts have stated that the attacks were preventable but that essential protective measures were not in place. Although the East Coast gasoline shortage and <a href="/facts/DarkSide_(hacker_group)/Xo9k5jKN">Darkside</a>'s receipt of the ransom had significant consequences, they were not the most critical implications of the incident. The broader concern was the cybersecurity vulnerabilities and their potential impact on critical infrastructure in the United States.<a class="footnote-ref" id="fnref:38" href="#fn:38">38</a>

<h2 id="responses">Responses</h2>
U.S. President <a href="/facts/Joe_Biden/fe2ThfUp">Joe Biden</a> declared a <a href="/facts/State_of_emergency/YYWgKFPq">state of emergency</a> on May 9, 2021. During regular times there were limits on the amount of petroleum products that could be transported by road, rail, etc., domestically within the U.S. mainland. However, with the declaration in place, these were temporarily suspended.<a class="footnote-ref" id="fnref:39" href="#fn:39">39</a>
On May 10, Georgia Governor <a href="/facts/Brian_Kemp/CnAgCpoS">Brian Kemp</a> declared a state of emergency,<a class="footnote-ref" id="fnref:40" href="#fn:40">40</a> and temporarily waived collection of the <a href="/facts/Fuel_taxes_in_the_United_States/lBvP2qNd">state's taxes on motor fuels</a> (diesel and gasoline).<a class="footnote-ref" id="fnref:41" href="#fn:41">41</a> In response to <a href="/facts/Panic_buying/Ve46NE7k">panic buying</a> in the Southeast, U.S. Transportation Secretary <a href="/facts/Pete_Buttigieg/gvhItsPN">Pete Buttigieg</a> and U.S. Energy Secretary <a href="/facts/Jennifer_Granholm/neQhhMQ4">Jennifer Granholm</a> on May 12 both cautioned against gasoline hoarding, reiterating that the United States was undergoing a "supply crunch" rather than a gas shortage.<a class="footnote-ref" id="fnref:42" href="#fn:42">42</a><a class="footnote-ref" id="fnref:43" href="#fn:43">43</a>
On May 12, the <a href="/facts/U.S._Consumer_Product_Safety_Commission/cun9ftPD">U.S. Consumer Product Safety Commission</a> advised people to "not fill <a href="/facts/Plastic_bag/7keA8Q57">plastic bags</a> with gasoline" or to use any containers not <a href="/facts/Fuel_container/kjrpySpK">meant for fuel</a>.<a class="footnote-ref" id="fnref:44" href="#fn:44">44</a>
Biden signed Executive Order 14028<a class="footnote-ref" id="fnref:45" href="#fn:45">45</a> on May 12, increasing software security standards for sales to the government, tighten detection and security on existing systems, improve information sharing and training, establish a Cyber Safety Review Board, and improve incident response. The <a href="/facts/United_States_Department_of_Justice/2SuTuevo">United States Department of Justice</a> also convened a cybersecurity task force to increase prosecutions.<a class="footnote-ref" id="fnref:46" href="#fn:46">46</a>
The Department of State issued a statement that a $10,000,000 reward would be given out in case of information leading to the arrest of DarkSide members.<a class="footnote-ref" id="fnref:47" href="#fn:47">47</a>

<h3>Perpetrators</h3>
DarkSide released a statement on May 9 that did not directly mention the attack, but claimed that "our goal is to make money, and not creating problems for society."<a class="footnote-ref" id="fnref:48" href="#fn:48">48</a><a class="footnote-ref" id="fnref:49" href="#fn:49">49</a>

<h2 id="pipeline-restart">Pipeline restart</h2>
The restart of pipeline operations began at 5 p.m. on May 12,<a class="footnote-ref" id="fnref:50" href="#fn:50">50</a><a class="footnote-ref" id="fnref:51" href="#fn:51">51</a> ending a six-day shutdown, although Colonial Pipeline Company warned that it could take several more days for service to return to normal. The pipeline company stated that several markets that are served by the pipeline may experience, or continue to experience, intermittent service interruptions during the restart. The company also stated that they would move as much gasoline, diesel and jet fuel as safely possible until markets return to normal.<a class="footnote-ref" id="fnref:52" href="#fn:52">52</a><a class="footnote-ref" id="fnref:53" href="#fn:53">53</a> All Colonial Pipeline systems and operations had returned to normal by May 15.<a class="footnote-ref" id="fnref:54" href="#fn:54">54</a> After the shutdown, the average national price of gasoline rose to the highest it had been in over six years, to about an average of <a href="/facts/US$/naEEDUhC">US$</a>3.04 a gallon on May 18. The price increase was more pronounced in the southern states, with prices rising between 9 and 16 cents in the Carolinas, Tennessee, Virginia, and Georgia. Around 10,600 gas stations were still without gas as of May 18.<a class="footnote-ref" id="fnref:55" href="#fn:55">55</a><a class="footnote-ref" id="fnref:56" href="#fn:56">56</a><a class="footnote-ref" id="fnref:57" href="#fn:57">57</a>
In a May 19, 2021, interview with <a href="/facts/The_Wall_Street_Journal/9Pkf2cYK">The Wall Street Journal</a>, Joseph Blount said why he ultimately decided to pay a $4.4 million ransom to hackers who breached the company's systems; "It was the right thing to do for the country." He also said, "I know that's a highly controversial decision".<a class="footnote-ref" id="fnref:58" href="#fn:58">58</a>

<h2 id="investigations">Investigations</h2>
Biden said on May 10 that though there was no evidence that the Russian government was responsible for the attack, there was evidence that the <a href="/facts/DarkSide_(hacking_group)/Xo9k5jKN">DarkSide</a> group is in Russia, and that thus, Russian authorities "have some responsibility to deal with this".<a class="footnote-ref" id="fnref:59" href="#fn:59">59</a><a class="footnote-ref" id="fnref:60" href="#fn:60">60</a> Independent cybersecurity researchers have also stated the hacking group is Russian as their malware avoids encrypting files in a system where the language is set to Russian.<a class="footnote-ref" id="fnref:61" href="#fn:61">61</a><a class="footnote-ref" id="fnref:62" href="#fn:62">62</a>
In the aftermath of the attack, it was revealed at a <a href="/facts/United_States_Senate_Committee_on_Armed_Services/SU9hJyob">Senate Armed Services cyber subcommittee</a> hearing that the <a href="/facts/Department_of_Homeland_Security/jwz5gLfa">Department of Homeland Security</a> was not alerted to the ransomware attack and that the Justice Department was not alerted to the ransom type or amount, prompting discussion about the numerous <a href="/facts/Information_silo/2Jjqauzo">information silos</a> in the government and difficulties of sharing.<a class="footnote-ref" id="fnref:63" href="#fn:63">63</a>
Blockchain analytics firm Elliptic published a <a href="/facts/Bitcoin/UJvqfray">bitcoin</a> wallet report showing $90 million in bitcoin ransom payments were made to DarkSide or DarkSide affiliates over the last year, originating from 47 distinct wallets. According to a DarkTracer release of 2226 victim organizations since May 2019, 99 organizations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom and that the average payment was $1.9 million. The DarkSide developer had received bitcoins worth $15.5 million (17%), with the remaining $74.7 million (83%) going to the various affiliates.<a class="footnote-ref" id="fnref:64" href="#fn:64">64</a><a class="footnote-ref" id="fnref:65" href="#fn:65">65</a>

<h3>Partial ransom recovery</h3>

The U.S. Department of Justice issued a press release on June 7, 2021, stating that it had seized 63.7 Bitcoins from the original ransom payment.<a class="footnote-ref" id="fnref:66" href="#fn:66">66</a> The value of the recovered Bitcoins was only $2.3 million, because the trading price of Bitcoin had fallen since the date of the ransom payment. Through possession of the private key of the ransom account, the FBI was able to retrieve the Bitcoin, though it did not disclose how it obtained the private key.<a class="footnote-ref" id="fnref:67" href="#fn:67">67</a><a class="footnote-ref" id="fnref:68" href="#fn:68">68</a>

<h2 id="see-also">See also</h2>
<ul><li><a href="/facts/2020_Colonial_Pipeline_oil_spill/fqsVkD2M">2020 Colonial Pipeline oil spill</a></li>
<li><a href="/facts/Steamship_Authority_cyberattack/UGshe65K">Steamship Authority cyberattack</a></li>
<li><a href="/facts/Health_Service_Executive_cyberattack/r6eRVgDv">Health Service Executive cyberattack</a></li></ul>

<h2 id="external-links">External links</h2>
<ul><li> Media related to Colonial Pipeline cyberattack at Wikimedia Commons</li></ul>

<h2 id="references">References</h2>

<ol>
<li id="fn:1">Bing, Christopher; Kelly, Stephanie (May 8, 2021). "Cyber attack shuts down top U.S. fuel pipeline network". Reuters. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/" target="_blank">https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></li>
<li id="fn:2">Segers, Grace (May 8, 2021). "Cyberattack prompts major pipeline operator to halt operations". CBS News. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.cbsnews.com/news/colonial-pipeline-cyberattack-halt-operations/" target="_blank">https://www.cbsnews.com/news/colonial-pipeline-cyberattack-halt-operations/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></li>
<li id="fn:3">Peñaloza, Marisa (May 8, 2021). "Cybersecurity Attack Shuts Down A Top U.S. Gasoline Pipeline". NPR. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.npr.org/2021/05/08/995040240/cybersecurity-attack-shuts-down-a-top-u-s-gasoline-pipeline" target="_blank">https://www.npr.org/2021/05/08/995040240/cybersecurity-attack-shuts-down-a-top-u-s-gasoline-pipeline</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></li>
<li id="fn:4">Sanger, David; Krauss, Clifford; Perlroth, Nicole (May 8, 2021). "Cyberattack Forces a Shutdown of a Top U.S. Pipeline". New York Times. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html" target="_blank">https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></li>
<li id="fn:5">Eaton, Collin; Volz, Dustin (May 8, 2021). "U.S. Pipeline Cyberattack Forces Closure". Wall Street Journal. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737" target="_blank">https://www.wsj.com/articles/cyberattack-forces-closure-of-largest-u-s-refined-fuel-pipeline-11620479737</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></li>
<li id="fn:6">Stracqualursi, Veronica; Saenz, Arlette; Sands, Geneva (May 8, 2021). "Cyberattack forces major US fuel pipeline to shut down". CNN. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.cnn.com/2021/05/08/politics/colonial-pipeline-cybersecurity-attack/index.html" target="_blank">https://www.cnn.com/2021/05/08/politics/colonial-pipeline-cybersecurity-attack/index.html</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></li>
<li id="fn:7">Romero, Dennis (May 8, 2021). "Colonial Pipeline blames ransomware for pipeline shutdown". NBC News. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.nbcnews.com/news/us-news/cyberattack-forces-colonial-pipeline-shut-major-fuel-line-n1266737" target="_blank">https://www.nbcnews.com/news/us-news/cyberattack-forces-colonial-pipeline-shut-major-fuel-line-n1266737</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></li>
<li id="fn:8">Marquardt, Alex; Perez, Evan; Cohen, Zachary (June 7, 2021). "First on CNN: US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers | CNN Politics". CNN. Retrieved July 16, 2023. <a href="https://www.cnn.com/2021/06/07/politics/colonial-pipeline-ransomware-recovered/index.html" target="_blank">https://www.cnn.com/2021/06/07/politics/colonial-pipeline-ransomware-recovered/index.html</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></li>
<li id="fn:9">Turton, William; Riley, Michael; Jacobs, Jennifer (May 12, 2021). "Colonial Pipeline Paid Hackers nearly $5 Million in Ransom". Bloomberg. <a href="https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom" target="_blank">https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></li>
<li id="fn:10">Turton, William; Riley, Michael; Jacobs, Jennifer (May 12, 2021). "Colonial Pipeline Paid Hackers nearly $5 Million in Ransom". Bloomberg. <a href="https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom" target="_blank">https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></li>
<li id="fn:11">Falconer, Rebecca (May 10, 2021). "Emergency declaration issued in 17 states and D.C. over fuel pipeline cyberattack". Axios. Retrieved May 10, 2021. <a href="https://www.axios.com/2021/05/10/fuel-pipeline-cyberattack-us-state-of-emergency" target="_blank">https://www.axios.com/2021/05/10/fuel-pipeline-cyberattack-us-state-of-emergency</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></li>
<li id="fn:12">Gonzalez, Gloria; Lefebvre, Ben; Geller, Eric (May 8, 2021). "'Jugular' of the U.S. fuel pipeline system shuts down after cyberattack". Politico. Archived from the original on May 9, 2021. Retrieved May 9, 2021. The infiltration of a major fuel pipeline is "the most significant, successful attack on energy infrastructure we know of." <a href="https://www.politico.com/news/2021/05/08/colonial-pipeline-cyber-attack-485984" target="_blank">https://www.politico.com/news/2021/05/08/colonial-pipeline-cyber-attack-485984</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></li>
<li id="fn:13">Javers, Eamon (May 10, 2021). "Here's the hacking group responsible for the Colonial Pipeline shutdown". CNBC. Archived from the original on May 10, 2021. Retrieved May 11, 2021. <a href="https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsible-for-colonial-pipeline-shutdown.html" target="_blank">https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsible-for-colonial-pipeline-shutdown.html</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></li>
<li id="fn:14">Robertson, Jordan; Turton, William (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News. Archived from the original on May 9, 2021. Retrieved May 9, 2021. <a href="https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown" target="_blank">https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></li>
<li id="fn:15">Mallin, Alexander; Barr, Luke (June 8, 2021). "DOJ seizes millions in ransom paid by Colonial Pipeline". ABC News. Retrieved July 16, 2023. <a href="https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821" target="_blank">https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821</a> <a href="#fnref:15" class="footnote-back-ref">↩</a></li>
<li id="fn:16">Morrow, Allison (May 22, 2021). "A crypto crash wiped out $1 trillion this week. Here's what happened | CNN Business". CNN. Retrieved November 29, 2023. <a href="https://www.cnn.com/2021/05/22/investing/crypto-crash-bitcoin-regulation/index.html" target="_blank">https://www.cnn.com/2021/05/22/investing/crypto-crash-bitcoin-regulation/index.html</a> <a href="#fnref:16" class="footnote-back-ref">↩</a></li>
<li id="fn:17">Mallin, Alexander; Barr, Luke (June 8, 2021). "DOJ seizes millions in ransom paid by Colonial Pipeline". ABC News. Retrieved July 16, 2023. <a href="https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821" target="_blank">https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821</a> <a href="#fnref:17" class="footnote-back-ref">↩</a></li>
<li id="fn:18">Turton, William; Mehrotra, Kartikay (June 4, 2021). "Hackers Breached Colonial Pipeline Using Compromised Password". Bloomberg.com. Retrieved August 25, 2022. <a href="https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password" target="_blank">https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password</a> <a href="#fnref:18" class="footnote-back-ref">↩</a></li>
<li id="fn:19">Walsh, Joe. "Ransomware Attack Shuts Down Massive East Coast Gasoline Pipeline". Forbes. Retrieved February 6, 2022. <a href="https://www.forbes.com/sites/joewalsh/2021/05/08/ransomware-attack-shuts-down-massive-east-coast-gasoline-pipeline/" target="_blank">https://www.forbes.com/sites/joewalsh/2021/05/08/ransomware-attack-shuts-down-massive-east-coast-gasoline-pipeline/</a> <a href="#fnref:19" class="footnote-back-ref">↩</a></li>
<li id="fn:20">Peñaloza, Marisa (May 8, 2021). "Cybersecurity Attack Shuts Down A Top U.S. Gasoline Pipeline". NPR. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.npr.org/2021/05/08/995040240/cybersecurity-attack-shuts-down-a-top-u-s-gasoline-pipeline" target="_blank">https://www.npr.org/2021/05/08/995040240/cybersecurity-attack-shuts-down-a-top-u-s-gasoline-pipeline</a> <a href="#fnref:20" class="footnote-back-ref">↩</a></li>
<li id="fn:21">Walton, Robert (May 11, 2021). "Colonial Pipeline hack highlights grid disruption risks even with IT-focused cyberattack, analysts say". UtilityDive. <a href="https://www.utilitydive.com/news/colonial-pipeline-hack-highlights-grid-disruption-risks-even-with-it-focuse/599942/" target="_blank">https://www.utilitydive.com/news/colonial-pipeline-hack-highlights-grid-disruption-risks-even-with-it-focuse/599942/</a> <a href="#fnref:21" class="footnote-back-ref">↩</a></li>
<li id="fn:22">Jack Beerman; David Berent; Zach Falter; Suman Bhunia (May 1–4, 2023). A Review of Colonial Pipeline Ransomware Attack. 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW). Bangalore, India: IEEE. doi:10.1109/CCGridW59191.2023.00017. Retrieved November 27, 2024.{{cite conference}}: CS1 maint: multiple names: authors list (link) <a href="https://ieeexplore.ieee.org/document/101.00017" target="_blank">https://ieeexplore.ieee.org/document/101.00017</a> <a href="#fnref:22" class="footnote-back-ref">↩</a></li>
<li id="fn:23">Sands, Brian Fung,Geneva (June 5, 2021). "Ransomware attackers used compromised password to access Colonial Pipeline network | CNN Politics". CNN. Retrieved November 27, 2024.{{cite web}}: CS1 maint: multiple names: authors list (link) <a href="https://edition.cnn.com/2021/06/04/politics/colonial-pipeline-ransomware-attack-password/index.html" target="_blank">https://edition.cnn.com/2021/06/04/politics/colonial-pipeline-ransomware-attack-password/index.html</a> <a href="#fnref:23" class="footnote-back-ref">↩</a></li>
<li id="fn:24">Bertrand, Natasha; Perez, Evan; Cohen, Zachary; Sands, Geneva; Campbell, Josh. "Colonial Pipeline did pay ransom to hackers, sources now say". CNN. Retrieved May 23, 2021. <a href="https://edition.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html" target="_blank">https://edition.cnn.com/2021/05/12/politics/colonial-pipeline-ransomware-payment/index.html</a> <a href="#fnref:24" class="footnote-back-ref">↩</a></li>
<li id="fn:25">Sanger, David; Krauss, Clifford; Perlroth, Nicole (May 8, 2021). "Cyberattack Forces a Shutdown of a Top U.S. Pipeline". New York Times. Archived from the original on May 8, 2021. Retrieved May 8, 2021. <a href="https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html" target="_blank">https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html</a> <a href="#fnref:25" class="footnote-back-ref">↩</a></li>
<li id="fn:26">Robertson, Jordan; Turton, William (May 8, 2021). "Colonial Hackers Stole Data Thursday Ahead of Shutdown". Bloomberg News. Archived from the original on May 9, 2021. Retrieved May 9, 2021. <a href="https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown" target="_blank">https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown</a> <a href="#fnref:26" class="footnote-back-ref">↩</a></li>
<li id="fn:27">Perlroth, Nicole (May 13, 2021). "Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers". The New York Times. Archived from the original on January 15, 2022. Retrieved May 13, 2021. <a href="https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html" target="_blank">https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html</a> <a href="#fnref:27" class="footnote-back-ref">↩</a></li>
<li id="fn:28">Turton, William; Riley, Michael; Jacobs, Jennifer (May 13, 2021). "Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom". Bloomberg News. Retrieved June 8, 2021. Once [Colonial] received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company's efforts said. <a href="https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom" target="_blank">https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom</a> <a href="#fnref:28" class="footnote-back-ref">↩</a></li>
<li id="fn:29">Bomey, Nathan; Shesgreen, Deirdre (May 10, 2021). "Colonial Pipeline looking to 'substantially restore operations by end of week". USA TODAY. Archived from the original on May 10, 2021. Retrieved May 10, 2021. <a href="https://www.usatoday.com/story/money/2021/05/10/gas-prices-colonial-pipeline-ransomware-attack-cyberattack/5019214001/" target="_blank">https://www.usatoday.com/story/money/2021/05/10/gas-prices-colonial-pipeline-ransomware-attack-cyberattack/5019214001/</a> <a href="#fnref:29" class="footnote-back-ref">↩</a></li>
<li id="fn:30">Rucinski, Tracy (May 11, 2021). Schmollinger, Christian (ed.). "American Airlines adds fuel stops to two flights after pipeline outage". Reuters. Archived from the original on June 17, 2021. Retrieved May 11, 2021. <a href="https://www.reuters.com/business/energy/american-airlines-adds-fuel-stops-two-flights-after-pipeline-outage-2021-05-11/" target="_blank">https://www.reuters.com/business/energy/american-airlines-adds-fuel-stops-two-flights-after-pipeline-outage-2021-05-11/</a> <a href="#fnref:30" class="footnote-back-ref">↩</a></li>
<li id="fn:31">Josephs, Leslie (May 11, 2021). "Pipeline outage forces American Airlines to add stops to some long-haul flights". CNBC. Archived from the original on May 12, 2021. Retrieved May 11, 2021. <a href="https://www.cnbc.com/2021/05/10/colonial-pipeline-shutdown-forces-airlines-to-consider-other-ways-to-get-fuel.html" target="_blank">https://www.cnbc.com/2021/05/10/colonial-pipeline-shutdown-forces-airlines-to-consider-other-ways-to-get-fuel.html</a> <a href="#fnref:31" class="footnote-back-ref">↩</a></li>
<li id="fn:32">Carroll, Joe; Luz, Andres Guerra; Shah, Jill R. (May 9, 2021). "Gas Stations Run Dry as Pipeline Races to Recover From Hacking". Bloomberg News. Archived from the original on May 10, 2021. Retrieved May 11, 2021. <a href="https://www.bloomberg.com/news/articles/2021-05-09/u-s-fuel-sellers-scramble-for-alternatives-to-hacked-pipeline" target="_blank">https://www.bloomberg.com/news/articles/2021-05-09/u-s-fuel-sellers-scramble-for-alternatives-to-hacked-pipeline</a> <a href="#fnref:32" class="footnote-back-ref">↩</a></li>
<li id="fn:33">Bair, Jeffrey; Blas, Javier (May 11, 2021). "Petrol shortages sweep US as Colonial Pipeline remains down". Al Jazeera. Archived from the original on May 11, 2021. Retrieved May 11, 2021. <a href="https://www.aljazeera.com/economy/2021/5/11/petrol-shortages-sweep-us-as-colonial-pipeline-remains-down" target="_blank">https://www.aljazeera.com/economy/2021/5/11/petrol-shortages-sweep-us-as-colonial-pipeline-remains-down</a> <a href="#fnref:33" class="footnote-back-ref">↩</a></li>
<li id="fn:34">Carroll, Joe; Luz, Andres Guerra; Shah, Jill R. (May 9, 2021). "Gas Stations Run Dry as Pipeline Races to Recover From Hacking". Bloomberg News. Archived from the original on May 10, 2021. Retrieved May 11, 2021. <a href="https://www.bloomberg.com/news/articles/2021-05-09/u-s-fuel-sellers-scramble-for-alternatives-to-hacked-pipeline" target="_blank">https://www.bloomberg.com/news/articles/2021-05-09/u-s-fuel-sellers-scramble-for-alternatives-to-hacked-pipeline</a> <a href="#fnref:34" class="footnote-back-ref">↩</a></li>
<li id="fn:35">Lee, Ron (May 11, 2021). "GasBuddy reports 71% of gas stations without fuel in Charlotte metro amid Colonial Pipeline shutdown". WBTV. Charlotte, NC. Archived from the original on May 12, 2021. Retrieved May 12, 2021. <a href="https://www.wbtv.com/2021/05/11/long-lines-charlotte-gas-supply-squeezed/" target="_blank">https://www.wbtv.com/2021/05/11/long-lines-charlotte-gas-supply-squeezed/</a> <a href="#fnref:35" class="footnote-back-ref">↩</a></li>
<li id="fn:36">Shah, Jill R.; Bair, Jeffrey (May 13, 2021). "Gasoline Pinch to Grind on for Weeks With Truck Shortage". Bloomberg.com. Retrieved July 16, 2023. <a href="https://www.bloomberg.com/news/articles/2021-05-13/gasoline-pinch-may-grind-on-for-week-or-more-amid-truck-shortage" target="_blank">https://www.bloomberg.com/news/articles/2021-05-13/gasoline-pinch-may-grind-on-for-week-or-more-amid-truck-shortage</a> <a href="#fnref:36" class="footnote-back-ref">↩</a></li>
<li id="fn:37">Englund, Will; Nakashima, Ellen (May 12, 2021). "Panic buying strikes Southeastern United States as shuttered pipeline resumes operations". Washington Post. Archived from the original on May 14, 2021. Retrieved May 13, 2021. <a href="https://www.washingtonpost.com/business/2021/05/12/gas-shortage-colonial-pipeline-live-updates/" target="_blank">https://www.washingtonpost.com/business/2021/05/12/gas-shortage-colonial-pipeline-live-updates/</a> <a href="#fnref:37" class="footnote-back-ref">↩</a></li>
<li id="fn:38">Beerman, Jack; Berent, David; Falter, Zach; Bhunia, Suman (May 2023). "A Review of Colonial Pipeline Ransomware Attack". 2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW). IEEE. pp. 8–15. doi:10.1109/CCGridW59191.2023.00017. ISBN 979-8-3503-0208-0. <a href="979-8-3503-0208-0" target="_blank">979-8-3503-0208-0</a> <a href="#fnref:38" class="footnote-back-ref">↩</a></li>
<li id="fn:39">Russon, Mary-Ann (May 10, 2021). "US fuel pipeline hackers 'didn't mean to create problems'". BBC News. Archived from the original on May 10, 2021. Retrieved May 10, 2021. <a href="https://www.bbc.com/news/business-57050690" target="_blank">https://www.bbc.com/news/business-57050690</a> <a href="#fnref:39" class="footnote-back-ref">↩</a></li>
<li id="fn:40">Mahtani, Melissa; Macaya, Melissa; Hayes, Mike; Rocha, Veronica (May 11, 2021). "Latest on the US gas demand spikes". CNN. Archived from the original on May 12, 2021. Retrieved May 12, 2021. <a href="https://www.cnn.com/us/live-news/us-gas-demand-hack-05-11-21/index.html" target="_blank">https://www.cnn.com/us/live-news/us-gas-demand-hack-05-11-21/index.html</a> <a href="#fnref:40" class="footnote-back-ref">↩</a></li>
<li id="fn:41">"Kemp extends Georgia gas tax waiver due to pipeline outage". Associated Press. May 14, 2021. <a href="https://apnews.com/article/georgia-hacking-technology-government-and-politics-business-bc290931a741d6d0b897423b91b0c6d4" target="_blank">https://apnews.com/article/georgia-hacking-technology-government-and-politics-business-bc290931a741d6d0b897423b91b0c6d4</a> <a href="#fnref:41" class="footnote-back-ref">↩</a></li>
<li id="fn:42">Wagner, Meg; Macay, Melissa; Hayes, Mike; Mahtani, Melissa; Rocha, Veronica. "Gas shortages at some US stations: Live updates". CNN. Archived from the original on May 12, 2021. Retrieved May 12, 2021. <a href="https://www.cnn.com/business/live-news/us-gas-demand-05-12-21/index.html" target="_blank">https://www.cnn.com/business/live-news/us-gas-demand-05-12-21/index.html</a> <a href="#fnref:42" class="footnote-back-ref">↩</a></li>
<li id="fn:43">Brito, Christopher (May 12, 2021). "Officials warn people not to fill plastic bags with gasoline amid panic over gas shortage". CBS News. Archived from the original on May 12, 2021. Retrieved May 13, 2021. <a href="https://www.cbsnews.com/news/gas-shortage-plastic-bags-warning/" target="_blank">https://www.cbsnews.com/news/gas-shortage-plastic-bags-warning/</a> <a href="#fnref:43" class="footnote-back-ref">↩</a></li>
<li id="fn:44">Brito, Christopher (May 12, 2021). "Officials warn people not to fill plastic bags with gasoline amid panic over gas shortage". CBS News. Archived from the original on May 12, 2021. Retrieved May 13, 2021. <a href="https://www.cbsnews.com/news/gas-shortage-plastic-bags-warning/" target="_blank">https://www.cbsnews.com/news/gas-shortage-plastic-bags-warning/</a> <a href="#fnref:44" class="footnote-back-ref">↩</a></li>
<li id="fn:45">Executive Order on Improving the Nation’s Cybersecurity (full text) <a href="https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" target="_blank">https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/</a> <a href="#fnref:45" class="footnote-back-ref">↩</a></li>
<li id="fn:46">Kelly, Mary Louise; Donevan, Connor; O'Connor, Gabe (May 13, 2021). "Biden Adviser On Cyber Threats And The New Executive Order To Combat Them". NPR. Retrieved July 16, 2023. <a href="https://www.npr.org/2021/05/13/996617560/biden-advisor-on-cyber-threats-and-the-new-executive-order-to-combat-them" target="_blank">https://www.npr.org/2021/05/13/996617560/biden-advisor-on-cyber-threats-and-the-new-executive-order-to-combat-them</a> <a href="#fnref:46" class="footnote-back-ref">↩</a></li>
<li id="fn:47">"Reward Offers for Information to Bring DarkSide Ransomware Variant Co-Conspirators to Justice". United States Department of State. Retrieved December 31, 2021. <a href="https://www.state.gov/reward-offers-for-information-to-bring-darkside-ransomware-variant-co-conspirators-to-justice/" target="_blank">https://www.state.gov/reward-offers-for-information-to-bring-darkside-ransomware-variant-co-conspirators-to-justice/</a> <a href="#fnref:47" class="footnote-back-ref">↩</a></li>
<li id="fn:48">"DarkSide hackers behind Colonial Pipeline attack say they wanted cash, not chaos". Australian Broadcasting Corporation. May 10, 2021. Archived from the original on May 12, 2021. Retrieved May 10, 2021. <a href="https://www.abc.net.au/news/2021-05-11/darkside-says-aim-as-cash-no-chaos-colonial-pipeline/100130020" target="_blank">https://www.abc.net.au/news/2021-05-11/darkside-says-aim-as-cash-no-chaos-colonial-pipeline/100130020</a> <a href="#fnref:48" class="footnote-back-ref">↩</a></li>
<li id="fn:49">Russon, Mary-Ann (May 10, 2021). "US fuel pipeline hackers 'didn't mean to create problems'". BBC News. Archived from the original on May 10, 2021. Retrieved May 10, 2021. <a href="https://www.bbc.com/news/business-57050690" target="_blank">https://www.bbc.com/news/business-57050690</a> <a href="#fnref:49" class="footnote-back-ref">↩</a></li>
<li id="fn:50">Lyons, Kim (May 15, 2021). "Colonial Pipeline says operations back to normal following ransomware attack". The Verge. <a href="https://www.theverge.com/2021/5/15/22437730/colonial-pipeline-normal-ransomware-attack-fuel" target="_blank">https://www.theverge.com/2021/5/15/22437730/colonial-pipeline-normal-ransomware-attack-fuel</a> <a href="#fnref:50" class="footnote-back-ref">↩</a></li>
<li id="fn:51">"Media Statement Updated May 8, 2021: Colonial Pipeline System Disruption". Colonial Pipeline Company. Retrieved April 2, 2024. <a href="https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption" target="_blank">https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption</a> <a href="#fnref:51" class="footnote-back-ref">↩</a></li>
<li id="fn:52">Egan, Matt; Duffy, Clare (May 12, 2021). "Colonial Pipeline launches restart after six-day shutdown". CNN Business. Archived from the original on May 12, 2021. Retrieved May 12, 2021. <a href="https://www.cnn.com/2021/05/12/business/colonial-pipeline-restart/index.html" target="_blank">https://www.cnn.com/2021/05/12/business/colonial-pipeline-restart/index.html</a> <a href="#fnref:52" class="footnote-back-ref">↩</a></li>
<li id="fn:53">Krauss, Clifford; Sanger, David E. (May 12, 2021). "Colonial Pipeline Begins to Restart Flow of Fuel". The New York Times. Archived from the original on May 13, 2021. Retrieved May 12, 2021. <a href="https://www.nytimes.com/2021/05/12/business/energy-environment/pipeline-shutdown-latest-news.html" target="_blank">https://www.nytimes.com/2021/05/12/business/energy-environment/pipeline-shutdown-latest-news.html</a> <a href="#fnref:53" class="footnote-back-ref">↩</a></li>
<li id="fn:54">Lyons, Kim (May 15, 2021). "Colonial Pipeline says operations back to normal following ransomware attack". The Verge. <a href="https://www.theverge.com/2021/5/15/22437730/colonial-pipeline-normal-ransomware-attack-fuel" target="_blank">https://www.theverge.com/2021/5/15/22437730/colonial-pipeline-normal-ransomware-attack-fuel</a> <a href="#fnref:54" class="footnote-back-ref">↩</a></li>
<li id="fn:55">Eaton, Collin (May 18, 2021). "Colonial Pipeline Still Moving Fuel Despite Disruptions to Orders System". Wall Street Journal. ISSN 0099-9660. Retrieved May 19, 2021. <a href="https://www.wsj.com/articles/colonial-pipeline-ordering-system-disrupted-but-still-moving-fuel-11621358203" target="_blank">https://www.wsj.com/articles/colonial-pipeline-ordering-system-disrupted-but-still-moving-fuel-11621358203</a> <a href="#fnref:55" class="footnote-back-ref">↩</a></li>
<li id="fn:56">Thorbecke, Catherine (May 17, 2021). "Gas hits highest price in 6 years, fuel outages persist despite Colonial Pipeline restart". ABC News. Retrieved May 19, 2021. <a href="https://abcnews.go.com/US/gas-hits-highest-price-years-fuel-outages-persist/story?id=77735010" target="_blank">https://abcnews.go.com/US/gas-hits-highest-price-years-fuel-outages-persist/story?id=77735010</a> <a href="#fnref:56" class="footnote-back-ref">↩</a></li>
<li id="fn:57">Tobben, Sheela; Shah, Jill R. (May 18, 2021). "Colonial Pipeline's Computer Network Temporarily Goes Dark". Bloomberg. Archived from the original on May 18, 2021. Retrieved May 19, 2021. <a href="https://www.bloomberg.com/news/articles/2021-05-18/colonial-shippers-say-pipeline-communication-system-is-down" target="_blank">https://www.bloomberg.com/news/articles/2021-05-18/colonial-shippers-say-pipeline-communication-system-is-down</a> <a href="#fnref:57" class="footnote-back-ref">↩</a></li>
<li id="fn:58">Eaton, Collin; Volz, Dustin (May 19, 2021). "Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom". The Wall Street Journal. Retrieved May 20, 2021. <a href="https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636" target="_blank">https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636</a> <a href="#fnref:58" class="footnote-back-ref">↩</a></li>
<li id="fn:59">"Biden Says Russia Has 'Some Responsibility' In Pipeline Ransomware Attack". Radio Free Europe. May 10, 2021. Archived from the original on May 12, 2021. Retrieved May 11, 2021. <a href="https://www.rferl.org/a/fbi-confirms-darkside-hacker-group-pipeline-cyberattack-russia/31248174.html" target="_blank">https://www.rferl.org/a/fbi-confirms-darkside-hacker-group-pipeline-cyberattack-russia/31248174.html</a> <a href="#fnref:59" class="footnote-back-ref">↩</a></li>
<li id="fn:60">Russon, Mary-Ann (May 10, 2021). "US fuel pipeline hackers 'didn't mean to create problems'". BBC News. Archived from the original on May 10, 2021. Retrieved May 10, 2021. <a href="https://www.bbc.com/news/business-57050690" target="_blank">https://www.bbc.com/news/business-57050690</a> <a href="#fnref:60" class="footnote-back-ref">↩</a></li>
<li id="fn:61">Russon, Mary-Ann (May 10, 2021). "US fuel pipeline hackers 'didn't mean to create problems'". BBC News. Archived from the original on May 10, 2021. Retrieved May 10, 2021. <a href="https://www.bbc.com/news/business-57050690" target="_blank">https://www.bbc.com/news/business-57050690</a> <a href="#fnref:61" class="footnote-back-ref">↩</a></li>
<li id="fn:62">Rivero, Nicolás (May 10, 2021). "Hacking collective DarkSide are state-sanctioned pirates". Quartz. Archived from the original on May 12, 2021. Retrieved May 12, 2021. <a href="https://qz.com/2007399/the-darkside-hackers-are-state-sanctioned-pirates/" target="_blank">https://qz.com/2007399/the-darkside-hackers-are-state-sanctioned-pirates/</a> <a href="#fnref:62" class="footnote-back-ref">↩</a></li>
<li id="fn:63">Grady, John (May 18, 2021). "Lawmakers Grill Pentagon Officials on How to Prevent Another Colonial Pipeline-Style Attack". USNI News. <a href="https://news.usni.org/2021/05/18/lawmakers-grill-pentagon-homeland-security-officials-on-how-to-prevent-another-colonial-pipeline-style-attack" target="_blank">https://news.usni.org/2021/05/18/lawmakers-grill-pentagon-homeland-security-officials-on-how-to-prevent-another-colonial-pipeline-style-attack</a> <a href="#fnref:63" class="footnote-back-ref">↩</a></li>
<li id="fn:64">Robinson, Tom (May 18, 2021). "DarkSide Ransomware has Netted Over $90 million in Bitcoin". Elliptic.co. <a href="https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin" target="_blank">https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin</a> <a href="#fnref:64" class="footnote-back-ref">↩</a></li>
<li id="fn:65">Manfredi, Lucas (May 18, 2021). "Colonial Pipeline hacker Darkside reaped $90M from 47 victims". FOX Business. <a href="https://www.foxbusiness.com/money/colonial-pipeline-hacker-darkside-reaped-90m-from-victims" target="_blank">https://www.foxbusiness.com/money/colonial-pipeline-hacker-darkside-reaped-90m-from-victims</a> <a href="#fnref:65" class="footnote-back-ref">↩</a></li>
<li id="fn:66">Mallin, Alexander; Barr, Luke (June 8, 2021). "DOJ seizes millions in ransom paid by Colonial Pipeline". ABC News. Retrieved July 16, 2023. <a href="https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821" target="_blank">https://abcnews.go.com/Politics/doj-seizes-millions-ransom-paid-colonial-pipeline/story?id=78135821</a> <a href="#fnref:66" class="footnote-back-ref">↩</a></li>
<li id="fn:67">@dnvolz (June 7, 2021). "The FBI seized $2.3 million, roughly 64 bitcoin, from a bitcoin wallet said to contain proceeds from the ransom pay…" (Tweet) – via Twitter. <a href="https://x.com/dnvolz/status/1401986721810718725" target="_blank">https://x.com/dnvolz/status/1401986721810718725</a> <a href="#fnref:67" class="footnote-back-ref">↩</a></li>
<li id="fn:68">Bing, Christopher; Menn, Joseph; Lynch, Sarah N. (June 7, 2021). "U.S. seizes $2.3 mln in bitcoin paid to Colonial Pipeline hackers". Reuters. Archived from the original on July 3, 2021. Retrieved June 7, 2021. <a href="https://www.reuters.com/business/energy/us-announce-recovery-millions-colonial-pipeline-ransomware-attack-2021-06-07/" target="_blank">https://www.reuters.com/business/energy/us-announce-recovery-millions-colonial-pipeline-ransomware-attack-2021-06-07/</a> <a href="#fnref:68" class="footnote-back-ref">↩</a></li>
</ol>

Colonial Pipeline ransomware attack open-in-new

Colonial Pipeline ransomware attack