WASHINGTON • A pipeline company CEO made no apologies Tuesday for his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history.
Colonial Pipeline CEO Joseph Blount said he had no choice, telling senators uneasy with his actions that he feared far worse consequences given the uncertainty the company was confronting as the attack unfolded last month.
“I know how critical our pipeline is to the country,” Blount said, “and I put the interests of the country first.”
His testimony to the Senate Homeland Security Committee on the May 7 cyberattack provided a rare window into the dilemma faced by the private sector amid a storm of ransomware attacks in which overseas hackers breach a company’s network and encrypt their data, demanding a ransom to release it back to them.
U.S. authorities tell companies not to pay the ransom, arguing the crooks may not provide the keys to unencrypt the data and that the payments will encourage future attacks and help sustain criminal networks typically based in Russia and Eastern Europe. Blount chose to disregard that advice within the first 24 hours of the attack and paid the equivalent of $4.4 million in bitcoin to retrieve the company’s data. U.S. officials said Monday they had recovered much of the payment.
“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “It was the hardest decision I’ve made in my 39 years in the energy industry.”
The company, he said, had to act fast as it worked feverishly to determine whether the criminal gang had compromised the operational systems or physical security of the 5,500-mile pipeline – and to try to avoid a more sustained shutdown.
Asked how much worse it would have been if the company hadn’t paid to get its data back, Blount said, “That’s an unknown we probably don’t want to know. And it may be an unknown we probably don’t want to play out in a public forum.”
His appearance before the Senate comes as lawmakers consider possible measures to address the ransomware attacks that have been launched against thousands of businesses as well as state and local government agencies.
“We’ve got to recognize these ransomware attacks for what they are. It’s a serious national security threat,” said Sen. Rob Portman, a Republican from Ohio. “Attacks against critical infrastructure are not just attacks on companies. They are attacks on our country itself.”
Already, the Justice Department and FBI have established a task force to deal with ransomware with some success, including managing to seize 85% of the bitcoin that Colonial paid as ransom. But many of the criminals behind the attacks are beyond their reach in Russia or other countries that will not extradite suspects to the U.S.
The Biden administration has also made ransomware, and cybersecurity more broadly, a national priority in the wake of a series of high-profile intrusions.
The attack on Colonial Pipeline – which supplies roughly 45% of the fuel consumed on the East Coast – has been attributed to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating. The attack began after hackers used a company virtual private network that was no longer in active use, Blount said.