Pipeline CEO defends paying ransom amid cyberattack – WSVN 7News | Miami News, Weather, Sports
WASHINGTON (AP) – A pipeline company CEO did not apologize Tuesday for his decision to abruptly stop fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he confronted one of the most disruptive ransomware attacks in US history.
Joseph Blount, CEO of Colonial Pipeline, told senators uneasy with his actions that he had no choice, saying he feared far worse consequences given the uncertainty the company faced during the attack last month.
“I know how important our pipeline is to the country,” said Blount, “and I put the country’s interests first.”
His testimony to the Senate Homeland Security Committee on the 7th cyberattack back to them.
US authorities are urging companies not to pay the ransom, arguing that the crooks may not provide the keys to decrypt the data and that the payments will fuel future attacks and support criminal networks usually based in Russia and Eastern Europe. Blount chose to ignore this advice within the first 24 hours of the attack and paid the equivalent of $4.4 million in Bitcoin to retrieve the company’s data. US officials said Monday they had recovered much of the payment.
“I made the decision to pay and I chose to keep the information about the payment as confidential as possible,” said Blount. “That was the hardest decision I made in my 39 years in the energy industry.”
The company, he said, needed to act quickly as it worked feverishly to determine if the criminal gang had compromised the operating systems or the physical security of the 5,500-mile pipeline – and to try to avoid an extended shutdown.
When asked how much worse it would have been if the company hadn’t paid to get its data back, Blount said, “This is a stranger we probably don’t want to know. And it can be a stranger that we probably don’t want to play off in a public forum.”
His Senate appearance comes as lawmakers consider possible measures to combat the ransomware attacks that have been launched against thousands of companies as well as state and local government agencies.
“We need to recognize these ransomware attacks for what they are. It’s a serious national security threat,” said Senator Rob Portman, a Republican from Ohio. “Attacks on critical infrastructures are not just attacks on companies. They are attacks on our country itself.”
The Department of Justice and the FBI have already set up a task force to deal with ransomware with some success, including the seizure of 85% of the bitcoins Colonial paid as ransom. But many of the criminals behind the attacks are out of reach in Russia or other countries that do not extradite suspects to the US.
The Biden administration has made ransomware and broader cybersecurity a national priority after a series of high-profile break-ins.
Last month, the government enacted new regulations for the pipeline industry requiring companies to conduct cybersecurity assessments and promptly report violations to the federal government. The industry has so far operated according to voluntary guidelines.
Blount denied a media report that his company refused to take part in any of the voluntary assessments conducted by the Transportation Security Administration earlier this year, saying it was only delayed due to COVID-19 and other issues. “That was quite a shock to me,” he said of the report.
The attack on the Colonial Pipeline – which provides about 45% of the fuel consumed on the East Coast – has been attributed to a gang of cybercriminals based in Russia using the DarkSide variant of ransomware, one of more than 100 variants the FBI is currently investigating. The attack began after hackers used a corporate virtual private network that was no longer active, Blount said.
“The ransomware attack on the Colonial Pipeline affected millions of Americans,” said Senator Gary Peters, a Michigan Democrat. “Unfortunately, the next time an incident like this happens, things could get worse.”
Blount said the Georgia-based company entered negotiations with the hackers on the evening of the May 7 attack and paid a ransom of 75 bitcoin the next day – then worth about $4.4 million. The hack caused the company to cease operations before the ransomware could spread to its operating systems.
The decryption tool the hackers provided the company in exchange for the payment helped “to some extent,” but was not perfect, as Colonial was still in the process of fully restoring its systems while working with consultants to assess the damage and improve cybersecurity, Blount said.
It took the company five days to resume pipeline operations. What happened during that time illustrated why they had to pay the ransom quickly, he told lawmakers.
“We have already started seeing a pandemonium in the markets, people doing unsafe things like filling garbage bags with gasoline or people fighting with their fists at the gas pump,” he said. “The concern would be what would happen if it stretched beyond this time.”
Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.