September 27, 2022

Pipeline Executive Felt Cornered by Ransomware Attack | Voice of America

The top executive for the biggest fuel pipeline operator in the United States told lawmakers he felt like he had no choice but to pay off hackers after a ransomware attack shut down operations along the East Coast. 

Testifying Tuesday before the Senate Homeland Security and Governmental Affairs Committee, Colonial Pipeline Chief Executive Joseph Blount took responsibility for agreeing to pay the Russian-based DarkSide Network approximately $5 million to minimize potentially disastrous delays to fuel delivery. 

“I know how critical our pipeline is to the country, and I put the interests of the country first,” Blount said. 

“It was the hardest decision I’ve made in my 39 years in the energy industry,” he added. “We wanted to stay focused on getting the pipeline back up and running. I believe with all my heart it was the right choice to make.” 

The May 7 DarkSide ransomware attack on Colonial Pipeline spawned fuel shortages and panic-buying across parts of the U.S., pushing prices higher as drivers hunted for gas stations that had not run out of fuel. 

A friend carrying a gas container is greeted by a motorist waiting in a lengthy line to enter a gasoline station during a surge…
FILE – A man with a gas container greets a motorist waiting in a lengthy line to enter a gasoline station during a surge in the demand for fuel following the cyberattack that crippled the Colonial Pipeline, in Durham, North Carolina, May 12, 2021.

U.S. law enforcement, including cyber experts at the Federal Bureau of Investigation (FBI), routinely warn companies against paying ransoms to hackers. But Blount said that even though the company was in contact with the FBI, he felt paying DarkSide was the most prudent option. 

“It was our understanding that the decision was solely ours as a private company,” he told lawmakers. “Considering the consequences of potentially not bringing the pipeline back on as quickly as I possibly could, I chose the ransom.” 

Blount said Colonial did not deal with DarkSide directly and instead hired legal experts and negotiators to act as intermediaries. The payment was delivered May 8 to the ransomware network in the form of the bitcoin cryptocurrency.  

In return, DarkSide provided Colonial with a decryption key that helped the company regain access to its systems and eventually resume operations, Blount said, noting that some systems are just now coming back online. 

Blount’s testimony comes just a day after the U.S. Justice Department and the FBI announced that they managed to track the ransom and recover the majority of the bitcoin, which was valued at about $2.3 million.  

US Snatches Back Ransom from Colonial Pipeline Hackers

Justice Department, law enforcement officials say move deprives Russian-based DarkSide Network ‘the object of their activity’

U.S. Deputy Attorney General Lisa Monaco on Monday described the development as significant, boasting that law enforcement had “turned the tables” on the ransomware network. 

Former government officials, though, worry that while the development slashed the hackers’ profits, it could put the government and the private sector on a slippery slope. 

“I think it’s a bad public policy outcome,” Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told a virtual forum hosted by Aspen Digital on Tuesday. 

“I would really hesitate trying to make this sort of engagement mainstream,” he said. “It’s not the FBI’s job to go out there and claw back money from criminals once they’ve taken it.” 

A Colonial Pipeline station is seen, Tuesday, May 11, 2021, in Smyrna, Ga., near Atlanta.  Colonial Pipeline, which delivers…
FILE – A Colonial Pipeline station is seen in Smyrna, Ga., near Atlanta, May 11, 2021.

Other experts worry that companies, organizations and governments, like Colonial Pipeline, are putting themselves at a disadvantage. 

“With ransomware, the misconception is that there’s two options: pay criminals or don’t pay criminals,” said Raj Samani, co-founder of No More Ransom, an organization that distributes decryption keys for free. 

“Many of the decryptors that are developed by the ransomware groups are actually rubbish,” said Samani, who is also the chief scientist at McAfee, a U.S.-based cybersecurity company. “So, even if you pay a fee, you may not get your data back.” 

In the case of the Colonial Pipeline ransomware attack, the decryption key did allow the company to start getting some systems up and running.   

“It’s not a perfect tool,” Blount told lawmakers Tuesday, adding that the company is working to further harden its cyber defenses. 

Blount said DarkSide was able to access Colonial’s systems by exploiting a virtual private network (VPN) that was no longer in use and which was protected only by a single password. 

CISA recommends using what is known as multifactor authentication, which requires users use a password and then complete a second step, such as replying to a text message, in order to access critical systems. 
 

in U.S.
Related Posts

Blinken Meets with Israeli, Palestinian Leaders | Voice of America

May 25, 2021

May 25, 2021

JERUSALEM – U.S. Secretary of State Antony Blinken is meeting Tuesday with Israeli leaders in Jerusalem and Palestinian leaders in Ramallah as...

Happy Pride, From Your Neighborhood Corporation | Voice of America

June 19, 2021

June 19, 2021

June is Pride Month, and American consumers have seen an uptick in corporations adopting inclusive rainbow branding. Notably, a few...

Pro-Palestinian Rally in Washington Seeks End to US Aid to Israel | Voice of America

May 30, 2021

May 30, 2021

WASHINGTON – More than 1,000 people rallied Saturday in Washington in support of Palestinians and called for an end to...

Building a New Life After Domestic Violence Family Tragedy

June 2, 2021

June 2, 2021

In 2008, a family murder-suicide horrified Detroit. Two decades later, one of the surviving daughters is telling her story of...

White House’s New, $1.7T Infrastructure Offer Panned by GOP | Voice of America

May 22, 2021

May 22, 2021

WASHINGTON – The White House put forward a $1.7 trillion infrastructure counteroffer Friday to Senate Republicans, dropping from President Joe...

Death Toll in Florida Building Collapse Rises to 12  | Voice of America

June 30, 2021

June 30, 2021

Search-and-rescue crews have confirmed a 12th death in the partial collapse of an apartment building in Surfside, Florida.  Miami-Dade County Mayor...

US Senators in Taiwan Announce Vaccine Donation | Voice of America

June 6, 2021

June 6, 2021

TAIPEI – A bipartisan delegation of three United States senators landed in Taiwan on Sunday and announced that Washington would...

Auditors Find No Fraud in Disputed New Hampshire Election | Voice of America

May 27, 2021

May 27, 2021

PEMBROKE, NEW HAMPSHIRE – There is no evidence of fraud or political bias in a controversial New Hampshire election where...

House to Vote on Bill Launching Probe of Jan. 6 Insurrection | Voice of America

June 29, 2021

June 29, 2021

WASHINGTON – A new committee to investigate the Jan. 6 insurrection at the U.S. Capitol would have 13 members and...

Are UFOs a Threat? Congress Awaits Pentagon Report

May 27, 2021

May 27, 2021

Videos of Navy pilots pursuing flying objects with amazing capabilities have struck a nerve in Washington. Matt Dibble looks into...

Judge Overturns California’s 32-year Ban on Assault Weapons  | Voice of America

June 6, 2021

June 6, 2021

SACRAMENTO, CALIFORNIA – A federal judge has overturned California’s three-decade-old ban on assault weapons, calling it a “failed experiment” that...

Women Make Up 60% of White House Staff, Diversity Total at 44% | Voice of America

July 1, 2021

July 1, 2021

Women make up 60% of the White House staff appointed by President Joe Biden, while people from racially or ethnically...

US Traffic Deaths Soar to 38,680 in 2020; Highest Yearly Total Since 2007 | Voice of America

June 4, 2021

June 4, 2021

WASHINGTON – U.S. traffic deaths soared after coronavirus lockdowns ended in 2020, hitting the highest yearly total since 2007 as...

Terrorism Spreading ‘Unabated’ Across Africa, Warns US Commander | Voice of America

June 30, 2021

June 30, 2021

WASHINGTON – The United States and its Western allies are being forced to confront a grim reality in Africa where...

Congress Member Describes Continuing Mental Trauma From January 6 Riots | Voice of America

June 24, 2021

June 24, 2021

Images of the January 6 insurrection at the U.S. Capitol are seared into many Americans’ minds and remain especially vivid...