Colonial Pipeline boss confirms $4.4m ransom payment

[Video: How did a cyber-attack lead to US petrol queues?]

Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible for taking the US fuel pipeline offline.

Its boss told the Wall Street Journal he authorised the payment on 7 May because of uncertainty over how long the shutdown would continue.

"I know that's a highly controversial decision," Joseph Blount said in his first interview since the hack.

The 5,500-mile (8,900-km) pipeline carries 2.5 million barrels a day.

According to the firm, it carries 45% of the East Coast's supply of diesel, petrol and jet fuel.

Chief executive Mr Blount told the newspaper that the firm decided to pay the ransom after discussions with experts who had previously dealt with DarkSide, the criminal organisation behind the attack.

"I didn't make [that decision] lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this.

"But it was the right thing to do for the country," he added.

The US government has recommended in the past that companies do not pay criminals over ransomware attacks, in case they invite further hacks in the future.

Colonial Pipeline took itself offline on Friday 7 May after the cyber-attack.

In return for the Bitcoin payment, the company received a decryption tool so it could unlock the systems compromised by the hackers - although that was not enough to restart systems immediately, according to the newspaper.

[Image: Fears over fuel shortages spurred some customers to panic buy petrol in the United States. Source: Getty Images]

Operations resumed on the pipeline last week, although petrol shortages seen across states such as North Carolina and Georgia have persisted, according to data tracking firm Gas Buddy.

Mr Blount added that it would take months before some other business systems are recovered, and estimated that the attack would ultimately cost the company tens of millions of dollars.

He also regrets that the company has lost some degree of anonymity, having led the firm since 2017.

"We were perfectly happy having no one know who Colonial Pipeline was, and unfortunately that's not the case any more," he said. "Everybody in the world knows."

At the time of the hack, the DarkSide criminal gang acknowledged the incident in a public statement.

"Our goal is to make money and not creating problems for society," DarkSide wrote on its website.

"We do not participate in geopolitics, do not need to tie us with a defined government and look for... our motives," the group added.