"It was the hardest decision I made in my 39 years in the energy industry," Blount said in testimony to the US Senate Committee on Homeland Security and Governmental Affairs.
Blount said the decision to start negotiating with the hackers was made hours after the attack, with the ransom paid the following day.
"I know how critical our pipeline is to the country and I put the interest of the country first," he said, acknowledging that the US government’s general recommendation in such cases is not to pay ransom.
Blount explained that Colonial Pipeline has cyber-defense systems in place, but they were compromised in a ransomware attack.
Back on Capitol Hill today to cover Colonial President and CEO Joseph Blount’s first day of testimony on the recent ransomware attack, with Blount saying he still believes paying the ransom was “the right choice to make.”
— Maggie Miller (@magmill95) June 8, 2021
He said that hackers from the DarkSide group encrypted the company’s IT systems by exploiting “the legacy VPN profile that was not intended to be in use.”
“As part of the ransomware note they tell you that they have encrypted information, that they have exfiltrated information. So we knew that they had exfiltrated information,” Blount added, saying that hackers stole “a lot of different type of materials” from the company’s shared drive.
“The good news is it was retrieved very quickly. It was brought back in. We don’t fully understand everything that is in it because where it has been held since it was retrieved. But we have people obviously involved in a combined process who have been looking very closely at that data.”
Blount said that the company works on that “very closely” with the FBI, which continues the investigation.
On Monday, the US Department of Justice announced that investigators had recovered millions of dollars in cryptocurrency that was paid to the DarkSide hacking group, whose cyberattack hit Colonial Pipeline operations.
"Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response. ... Today, we turned the tables on DarkSide. This work is important, because every day, the digital threats we face are more diverse, more sophisticated and more dangerous," US Deputy Attorney General Lisa Monaco told a news conference.
The ransomware attack caused a brief shutdown of the key pipeline transporting fuel to the US East Coast and forced Colonial to pay around $4.4 million to the DarkSide hacking group, allegedly in exchange for encryption tools. Over half of the sum was later retrieved by US law enforcement agencies.