‘I will admit that I wasn’t comfortable seeing money go out the door to people like this,’ CEO Joseph Blount says
“It was the right thing to do for the country,” CEO Joseph Blount told The Wall Street Journal. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
This was the first public statement from the Georgia-based company that admitted to paying the $4.4 million in bitcoin ransom to DarkSide, a Russian-based hacking group.
Mr Blount said his company decided to pay the ransom on the same day as the attack even though it was a “highly controversial decision”.
Typically a ransomware attack involves hackers locking up computer systems by encrypting data and paralysing networks before asking for a large ransom from the targeted company to unscramble it.
The FBI has long advised companies against paying a ransom when hit by a ransomware attack, as paying the hackers gives them more incentive to target other organisations.
“The FBI does not support paying a ransom in response to a ransomware attack,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
The ransomware attack led to the shutdown of Colonial Pipeline’s 5,500-mile pipeline for six days, causing gas shortages and prices to increase in parts of the US.
Mr Blount told The Wall Street Journal that his company decided to pay the ransom on the day of the attack after consulting with experts who’ve previously dealt with DarkSide. But the CEO declined to name these experts to the publication.
After DarkSide received payment from Colonial Pipeline, the hackers provided the operator with a decrypting tool that would restore the company’s computer network, thus allowing for pipeline services to resume, Bloomberg first reported. But the company also reportedly used its own backups to restore the system due to how slowly the provided tool worked.
Although the pipeline’s service, which runs between Texas and New Jersey delivering more than 100 million gallons of fuel per day, was restored, the company was still unable to bill customers due to the aftermath of the cyberattack.
Colonial Pipeline has also lost all anonymity with the public.
“We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that’s not the case anymore,” Mr Blount said. “Everybody in the world knows.”