The Colonial Pipeline, the biggest petroleum pipeline in the U.S., shut down almost two weeks ago because of a ransomware attack tied to an Eastern European hacking group, causing big lines at gas stations and fights. It is back up and running now, though Colonial Pipeline’s CEO wants to clear some things up.
Colonial paid the hackers millions in ransom money, as has been previously reported, though federal officials have told companies not to do that, since paying ransom money only encourages more ransomware attacks. But in Colonial’s case, CEO Joseph Blount told the Wall Street Journal that he chose to pay $4.4 million to the hackers less than 24 hours after learning of the attack.
The other option — keeping the pipeline offline indefinitely — apparently wasn’t viable in part because it supplies the East Coast with almost half of the fuel it uses.
“I know [paying ransom was] a highly controversial decision,” Mr. Blount said in his first public remarks since the crippling hack. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
“But it was the right thing to do for the country,” he added.
Mr. Blount said Colonial paid the ransom in consultation with experts who had previously dealt with the criminal organization behind the attacks. He and others involved declined to detail who assisted in those negotiations.
What Blount also is saying, of course, is that paying the ransom and getting the pipeline back up and running was probably the right thing to do for his company, given that a petroleum pipeline company that doesn’t move petroleum isn’t much of a petroleum pipeline company. Still, Blount told the WSJ that Colonial’s billing system remains down, and it may be months and tens of millions of dollars more out the door before the company fully recovers.
Which suggests that paying some criminals $4.4 million may have felt like small potatoes at the time, though, if this ever happens again, I suspect that Blount might reconsider paying. And not because dealing with criminals is unsavory but because, in this case, the ransom payment didn’t help all that much. And because of all the publicity, though that part was probably unavoidable.
In return for the payment, made on the night of May 7 in the form of bitcoin, according to a person familiar with the matter, the company received a decryption tool to unlock the systems hackers penetrated. While it proved to be of some use, it was ultimately not enough to immediately restore the pipeline’s systems, the person said.
“We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that’s not the case anymore,” [Blount] said. “Everybody in the world knows.”
It is quite unnerving to discover just how fragile America’s infrastructure is whenever something like this happens, along with the idea that a handful of hackers can bring a vital system screeching to a halt. That is America, though, 2021 edition.