Pipeline CEO Defends Paying Ransom Amid Cyberattack


A imminent company CEO on Tuesday defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he featured down one of the most disruptive ransomware attacks in U.S. history.

Colonial Pipeline CEO Joseph Blount said he had no choice, telling senators uneasy with his activities that he feared far worse consequences given the uncertainty the company was confronting as the attack unfolded last month.

“I know how critical our pipeline is to the outback,” Blount said, “and I put the interests of the country first.”

His testimony to the Senate Homeland Security Committee on the May 7 cyberattack provided a rare window into the difficulty faced by the private sector amid a storm of ransomware attacks in which overseas hackers breach a company’s network and encrypt their statistics, demanding a ransom to release it back to them.

U.S. authorities tell companies not to pay the ransom, arguing the crooks may not provide the keys to unencrypt the data and that the payments desire encourage future attacks and help sustain criminal networks typically based in Russia and Eastern Europe. Blount chose to disregard that suggestion within the first 24 hours of the attack and paid the equivalent of $4.4 million in bitcoin to retrieve the company’s data. U.S. officials said Monday they had won much of the payment.

“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “It was the hardest purpose I’ve made in my 39 years in the energy industry.”

The company, he said, was “deeply sorry” for the effect of the shutdown but had to act fast as it worked feverishly to determine whether the sinful gang had compromised the operational systems or physical security of the 5,500-mile pipeline — and to try to avoid a more sustained shutdown.

Asked how much worse it at ones desire have been if the company hadn’t paid to get its data back, Blount said, “That’s an unknown we probably don’t want to know. And it may be an unknown we purposes don’t want to play out in a public forum.”

His appearance before the Senate comes as lawmakers consider possible measures to address the ransomware attacks that be undergoing been launched against thousands of businesses as well as state and local government agencies.

“We’ve got to recognize these ransomware attacks for what they are. It’s a dour national security threat,” said Sen. Rob Portman, a Republican from Ohio. “Attacks against critical infrastructure are not just attacks on companies. They are inroads on our country itself.”

Already, the Justice Department and FBI have established a task force to deal with ransomware with some success, containing managing to seize 85% of the bitcoin that Colonial paid as ransom. But many of the criminals behind the attacks are beyond their reach in Russia or other fatherlands that will not extradite suspects to the U.S.

The Biden administration has also made ransomware, and cybersecurity more broadly, a national priority in the wake of a series of high-profile intrusions.

Newest month, the administration issued new regulations for the pipeline industry, requiring companies to conduct cybersecurity assessments and immediately report any breaches to the federal administration. The industry has until now operated under voluntary guidelines.

Blount disputed a media report that his company had refused to participate in one of the voluntary assessments, acted by the Transportation Security Administration, earlier this year, saying it had merely been delayed because of COVID-19 and other issues. “That was totally a shock to me,” he said of the account.

The attack on Colonial Pipeline — which supplies roughly 45% of the fuel consumed on the East Coast — has been credited to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating.

It began after hackers accessed the house’s IT system through a virtual private network that was no longer in active use. Blount said it only required a “complicated” password to gain arrival rather than multi-factor authentication, which provides additional security and is now required at Colonial.

“The ransomware attack on Colonial Pipeline affected millions of Americans, ” influenced Sen. Gary Peters, a Michigan Democrat. “The next time an incident like this happens, unfortunately, it could be even worse.”

Blount about the Georgia-based company began negotiating with the hackers on the evening of the May 7 attack and paid a ransom of 75 bitcoin — then valued at roughly $4.4 million — the trace day. The hack prompted the company to halt operations before the ransomware could spread to its operating systems.

The encryption tool the hackers provided the followers in exchange for the payment helped “to some degree” but was not perfect, with Colonial still in the process of fully restoring its systems while working with counsellors to assess the damage and improve cybersecurity, Blount said.

It took the company five days to resume pipeline operations. What took chore in that time illustrated why they needed to quickly pay the ransom, he told the lawmakers.

“We already started to see pandemonium going on in the markets, people doing unsafe actions like filling garbage bags full of gasoline or people fist-fighting in line at the fuel pump,” he said. “The concern would be what would befall if it had stretched on beyond that amount of time.”

[embedded content]

Pipeline CEO Defends Paying Ransom Amid Cyberattack
Previous Columns by Associated Press:
Pipeline CEO Defends Paying Ransom Amid CyberattackTags:

Leave a Reply

Your email address will not be published. Required fields are marked *