Not sorry: Pipeline CEO defends ransomware payout to avoid ‘pandemonium’

Washington: A pipeline company CEO made no apologies for his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in US history.

Colonial Pipeline CEO Joseph Blount said on Tuesday (Wednesday AEST) he had no choice, telling senators uneasy with his actions that he feared far worse consequences given the uncertainty the company was confronting as the attack unfolded last month.

“I know how critical our pipeline is to the country,” Blount said, “and I put the interests of the country first”.

Colonial Pipeline CEO Joseph Blount says the decryption keys he bought from the hackers did not entirely restore the system. Credit:AFP

His testimony to the Senate Homeland Security Committee on the May 7 cyberattack provided a rare window into the dilemma faced by the private sector amid a storm of ransomware attacks in which overseas hackers breach a company’s network and encrypt their data, demanding a ransom to release it back to them.

US authorities tell companies not to pay the ransom, arguing the crooks may not provide the keys to unencrypt the data and that the payments will encourage future attacks and help sustain criminal networks typically based in Russia and Eastern Europe. Blount chose to disregard that advice within the first 24 hours of the attack and paid the equivalent of $5.6 million in bitcoin to retrieve the company’s data. US officials said Monday they had recovered much of the payment.

“I made the decision to pay and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “It was the hardest decision I’ve made in my 39 years in the energy industry.”

The company, he said, had to act fast as it worked feverishly to determine whether the criminal gang had compromised the operational systems or physical security of the pipeline — and to try to avoid a more sustained shutdown.

Asked how much worse it would have been if the company hadn’t paid to get its data back, Blount said, “That’s an unknown we probably don’t want to know. And it may be an unknown we probably don’t want to play out in a public forum.”

His appearance before the Senate comes as the US government considers possible measures to address the ransomware attacks that have been launched against thousands of businesses as well as state and local government agencies.

“We’ve got to recognise these ransomware attacks for what they are. It’s a serious national security threat,” said Republican Senator Rob Portman. “Attacks against critical infrastructure are not just attacks on companies. They are attacks on our country itself.”

Already, the Justice Department and FBI have established a task force to deal with ransomware with some success, including managing to seize 85 per cent of the bitcoin that Colonial paid as ransom. But many of the criminals behind the attacks are beyond their reach in Russia or other countries that will not extradite suspects.



The attack on Colonial Pipeline — which supplies roughly 45 per cent of the fuel consumed on the East Coast — has been attributed to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating. The attack began after hackers used a company virtual private network that was no longer in active use, Blount said.

Blount said the Georgia-based company began negotiating with the hackers on the evening of the May 7 attack and paid a ransom of 75 bitcoin — then valued at roughly $5.6 million — the following day. The hack prompted the company to halt operations before the ransomware could spread to its operating systems.

The encryption tool the hackers provided the company in exchange for the payment helped “to some degree” but was not perfect, with Colonial still in the process of fully restoring its systems while working with consultants to assess the damage and improve cybersecurity, Blount said.

It took the company five days to resume pipeline operations. What took place in that time illustrated why they needed to quickly pay the ransom, he told the lawmakers.

“We already started to see pandemonium going on in the markets, people doing unsafe things like filling garbage bags full of gasoline or people fist-fighting in line at the fuel pump,” he said. “The concern would be what would happen if it had stretched on beyond that amount of time.”

AP

Most Viewed in World

From our partners

Source: Read Full Article