‘It was the right thing to do’: Colonial Pipeline CEO defends bitcoin ransom payment to hackers
‘I will admit that I wasn’t comfortable seeing money go out the door to people like this,’ CEO Joseph Blout says
The latest headlines from our reporters across the US sent straight to your inbox each weekday
Your briefing on the latest headlines from across the US
Colonial Pipeline’s CEO has defended the company’s decision to pay a bitcoin ransom to hackers after a cybersecurity attack shut down the pipeline.
“It was the right thing to do for the country,” CEO Joseph Blout told The Wall Street Journal. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
This was the first public statement from the Georgia-based company that admitted to paying the $4.4 million in bitcoin ransom to DarkSide, a Russian-based hacking group.
Mr Blout said his company decided to pay the ransom on the same day of the attack even though it was a “highly controversial decision”.
Typically a ransomware attack involves hackers locking up computer systems by encrypting data and paralysing networks before asking for a large ransom from the targeted company to unscramble it.
The FBI has long advised companies against paying a ransom when hit by a ransomware attack, as paying the hackers gives them more incentive to target other organisations.
“The FBI does not support paying a ransom in response to a ransomware attack,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
The ransomware attack led to the shutdown of Colonial Pipeline’s 5,500 mile pipeline for six days, causing gas shortages and prices to increase in parts of the US.
Mr Blout told The Wall Street Journal that his company decided to pay the ransom on the day of the attack after consulting with experts who’ve previously dealt with DarkSide. But the CEO declined to name these experts to the publication.
After DarkSide received payment from Colonial Pipeline, the hackers provided the operator with a decrypting tool that would restore the company’s computer network, thus allowing for pipeline services to resume, Bloomberg first reported. But the company also reportedly used its own backups to restore the system due to how slowly the provided tool worked.
Although the pipeline’s service, which runs between Texas and New Jersey delivering more than 100 million gallons of fuel per day, was restored, the company was still unable to bill customers due to the aftermath of the cyberattack.
Colonial Pipeline has also lost all anonymity with the public.
“We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that’s not the case anymore,” Mr Blount said. “Everybody in the world knows.”
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies