21:56 GMT13 June 2021
Listen Live
    US
    Get short URL
    536
    Subscribe

    WASHINGTON (Sputnik) - Colonial Pipeline CEO Joseph Blount told a US Senate panel on Tuesday that he personally made a decision to pay ransom to hackers and keep it confidential seeking to restore the company’s operations as soon as possible.

    "It was the hardest decision I made in my 39 years in the energy industry," Blount said in a testimony to the US Senate Committee on Homeland Security and Governmental Affairs.

    Blount said the decision to start negotiating with the hackers was made hours after the attack with ransom paid the following day.

    "I know how critical our pipeline is to the country and I put the interest of the country first," he said, acknowledging that the US government’s general recommendation in such cases is not to pay ransom, 

    Blount explained that Colonial Pipeline has cyber-defense systems in place but they were compromised in a ransomware attack.

    He said that hackers from the Darkside group encrypted the company’s IT systems by exploiting “the legacy VPN profile that was not intended to be in use.”

    “As part of the ransomware note they tell you that they have encrypted information, that they have exfiltrated information. So we knew that they had exfiltrated information,” Blount added, saying that hackers stole “a lot of different type of materials” from the company’s shared drive.

    “The good news is it was retrieved very quickly. It was bright back in. We don’t fully understand everything that is in it because where it has been held since it was retrieved. But we have people obviously involved in a combined process who have been looking very closely at that data.”

    Blount said that the company works on that “very closely” with the FBI which continues the investigation.

    On Monday, the US Department of Justice announced that investigators had recovered millions of dollars in cryptocurrency that was paid to the DarkSide hacking group whose cyberattack hit Colonial Pipeline operations.

    "Ransomware attacks are always unacceptable, but when they target critical infrastructure, we will spare no effort in our response. ... Today, we turned the tables on DarkSide. This work is important, because every day, the digital threats we face are more diverse, more sophisticated and more dangerous," US Deputy Attorney General Lisa Monaco told a news conference.

    The ransomware attack caused a brief shutdown of the key pipeline transporting fuel to the US East Coast and forced Colonial to pay around $4.4 million to Darkside hacking group allegedly in exchange for encryption tools. Over half of the sum was later retrieved by US law enforcement agencies.

    Tags:
    ransom, ransomware
    Community standardsDiscussion