Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

‘It was the right thing to do’: Colonial Pipeline CEO defends bitcoin ransom payment to hackers

‘I will admit that I wasn’t comfortable seeing money go out the door to people like this,’ CEO Joseph Blout says

Danielle Zoellner
New York
Wednesday 19 May 2021 21:39 BST
Comments
Colonial Pipeline CEO Joseph Blout has defended paying ransom to Russian hackers
Colonial Pipeline CEO Joseph Blout has defended paying ransom to Russian hackers (AFP via Getty Images)
Leer en Español

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Colonial Pipeline’s CEO has defended the company’s decision to pay a bitcoin ransom to hackers after a cybersecurity attack shut down the pipeline.

“It was the right thing to do for the country,” CEO Joseph Blout told The Wall Street Journal. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

This was the first public statement from the Georgia-based company that admitted to paying the $4.4 million in bitcoin ransom to DarkSide, a Russian-based hacking group.

Mr Blout said his company decided to pay the ransom on the same day of the attack even though it was a “highly controversial decision”.

Typically a ransomware attack involves hackers locking up computer systems by encrypting data and paralysing networks before asking for a large ransom from the targeted company to unscramble it.

The FBI has long advised companies against paying a ransom when hit by a ransomware attack, as paying the hackers gives them more incentive to target other organisations.

“The FBI does not support paying a ransom in response to a ransomware attack,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

The ransomware attack led to the shutdown of Colonial Pipeline’s 5,500 mile pipeline for six days, causing gas shortages and prices to increase in parts of the US.

Mr Blout told The Wall Street Journal that his company decided to pay the ransom on the day of the attack after consulting with experts who’ve previously dealt with DarkSide. But the CEO declined to name these experts to the publication.

After DarkSide received payment from Colonial Pipeline, the hackers provided the operator with a decrypting tool that would restore the company’s computer network, thus allowing for pipeline services to resume, Bloomberg first reported. But the company also reportedly used its own backups to restore the system due to how slowly the provided tool worked.

Although the pipeline’s service, which runs between Texas and New Jersey delivering more than 100 million gallons of fuel per day, was restored, the company was still unable to bill customers due to the aftermath of the cyberattack.

Colonial Pipeline has also lost all anonymity with the public.

“We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that’s not the case anymore,” Mr Blount said. “Everybody in the world knows.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in