Colonial Pipeline hack: CEO decided to pay $4.4 million ransom within hours

The CEO of Colonial Pipeline has publicly admitted to paying off the DarkSide ransomware gang, offering the first glimpse into how the largest ever cyberattack on U.S. infrastructure unfolded. 

Colonial CEO Joseph Blount admitted that the company paid the hackers $4.4 million just hours after the attack crippled key systems in the company – yet the pipeline remained offline for a week.

‘I know that’s a highly controversial decision,’ Blount told the Wall Street Journal of the decision to pay ransom to the hacker gang that disabled the 5,500-mile pipeline system that supplies the East Coast with fuel. 

‘I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,’ he said. ‘But it was the right thing to do for the country.’ 

Station outages as of Wednesday morning are seen above following the hacking attack

His remarks amount to the first public acknowledgement of the ransom payment by the company, which supplies the East Coast with gasoline, diesel and jet fuel.

The attack unfolded early on the morning of May 7, when an employee of the Georgia-based company found a ransom note from hackers on a control-room computer at 5.30am.

‘Welcome to the Darkside,’ the note began, according to a template obtained by DailyMail.com. ‘Your computers and servers are encrypted, backups are deleted.’

The note contained the ransom demand and instructions for paying off the extortion fee. ‘Follow our instructions and you will recover all your data,’ the hacker gang promised. 

The control-room worker sounded the alarm to management, and Blount was notified less than a half-hour later, as he was getting ready to go to work, the Journal reported. 

The company began to shut down the pipeline’s flow as it investigated how deeply the hackers had penetrated its systems.

A worker is seen in the Colonial control room in a file photo. The attack unfolded early on the morning of May 7, when an employee found a ransom note from hackers

The standard ransom note used by the DarkSide hacker gang is seen above. A Colonial worker discovered a note like this one at about 5.30am on May 7 on a control room computer

It took Colonial about an hour to completely shut down the 5,500-mile pipeline network, which stretches from the Houston refinery hub to New York Harbor, and has 260 delivery points.

It was the first time in the pipeline’s 40-year history that the entire system was shut down at once, Blount said.

Colonial insists that the ransomware breach did not reach its operational controls, but said it shut down the pipeline due to safety concerns, and to ensure the encryption virus did not spread.

As the company locked down its IT systems, employees were instructed not to log on to the corporate network.

Officials at Colonial began making frantic phone calls to the FBI and the Cybersecurity and Infrastructure Security Agency.

By nightfall, Blount came to the decision to meet the hackers’ demands, telling the Journal he felt he had no other option, with 45 percent of the East Coast fuel supply depending on the pipeline.

With digital systems offline, some 300 workers had to patrol the pipeline to check for damage while it was shut down. A Colonial storage area in Charlotte is seen above

Blount said the company was unsure how deeply the hackers had penetrated the system, or how long it would take to bring back online, leaving him no choice but to pay them off. 

The FBI and cybersecurity experts consistently warn companies against paying off extortion demands, saying that it only encourages further attacks.

Colonial consulted with experts who have previously helped DarkSide victims, and made the $4.4 million ransom payment in Bitcoin on the night of May 7.

In return for the payment, the hackers sent a decryption key and tool to unlock the systems that had been taken hostage.

While the tool was of some use, it was ultimately not enough to fully restore the company’s systems, a source told the Journal.

What followed were days of chaos that spread across the South. The pipeline was shut down for a total of six days, spurring fuel shortages, with some 16,000 gas stations from Baltimore to Mississippi running dry. 

With digital monitoring offline, some 300 Colonial staffers had to physically patrol the 5,500-mile pipeline network, searching for any signs of damage.

As the days wore on, the pipeline’s outage rose to the level of a national crisis.

The Energy Department acted as the company’s federal liaison, with Energy Secretary Jennifer Granholm receiving constant updates to guide the federal response.

Last Wednesday, as the crisis reached a fever pitch, President Joe Biden addressed the nation, promising ‘good news’ within a day. 

The attack on Colonial Pipeline, which transports 45 percent of the East Coast's fuel supply, was the largest assault on US energy infrastructure in history

Colonial announced last Thursday that it had restarted operations and resumed fuel deliveries to all markets, after the line had been shut down for a week following the cyberattack.

But outages have persisted as suppliers race to catch up with demand and restock gas stations that have run dry. 

On Wednesday morning, 61 percent of gas stations in Washington DC were still without fuel, and more than a third of stations were dry in North Carolina, South Carolina, and Georgia. 

Blount said that in the past five years, Colonial has invested about $1.5 billion in maintaining the integrity of its 5,500-mile pipeline system, and has spent $200 million on IT. 

While the pipeline’s flow has returned to normal, the episode will cost Colonial tens of millions of additional dollars to completely restore operations over a matter of months, Blount said.