WASHINGTON: Colonial Pipeline’s CEO on Wednesday acknowledged to the Wall Street Journal that his company paid a $4.4 million ransom to hackers as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.
The 5,500-mile (8,850-km) Colonial Pipeline Co system closed last week after one of the most disruptive cyberattacks on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
Colonial Pipeline’s Chief Executive Joseph Blount told the Wall Street Journal that he paid the “extortion money” for the “greater good”.
“I know that’s a highly controversial decision,” Blount was quoted as saying. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
Blount said the decision had been “the right thing to do for the country”.
Blount told the Journal he authorized the payment after the May 7 ransomware attack because the company didn’t know the extent of the damage and wasn’t sure how long it would take to bring the pipeline systems back.
The FBI discourages making ransom payments to ransomware attackers, because paying encourages criminal networks around the globe who have hit thousands of businesses and health care systems in the US in the past year alone. But many victims of ransomware attacks, where hackers demand large sums of money to decrypt stolen data or to prevent it from being leaked online, opt to pay.
The ransom payment, which was first reported by Bloomberg, illustrates the dilemma facing companies whose networks have been compromised by online extortionists.
On the one hand, companies can be completely paralyzed by hackers with potentially far-reaching consequences in cases like Colonial’s. On the other, paying ransoms effectively passes the problem forward, allowing cash-rich cybercriminals to move on to an increasing number of targets.
US officials have struggled to discourage companies from paying.
“Typically that is a private-sector decision,” Anne Neuberger, US Deputy National Security Adviser for Cyber, told reporters earlier this month.
Colonial Pipeline did not immediately return a message seeking further comment. The FBI did not immediately respond to an email. The hackers, alleged to be affiliated with the DarkSide cybercrime gang, have not returned repeated messages.
A source working with Colonial Pipeline and the government on the hack response and private sector security sources briefed on the situation had told Reuters last week that Colonial had not been planning to pay the ransom.
Multiple sources had confirmed to The Associated Press that Colonial Pipeline had paid the criminals who committed the cyberattack a ransom of nearly $5 million in cryptocurrency for the software decryption key required to unscramble their data network.
A ransom payment of 75 Bitcoin was paid the day after the criminals locked up Colonials corporate network, according to Tom Robinson, co-founder of the cryptocurrency-tracking firm Elliptic.
Blount told the Journal the attack was discovered around 5.30 am on May 7. It took Colonial about an hour to shut down the pipeline, which has 260 delivery points across 13 states and Washington, DC, he said. That helped prevent the infection from potentially migrating to the pipeline’s operational controls.
Published in Dawn, May 20th, 2021
Dear visitor, the comments section is undergoing an overhaul and will return soon.