May 24, 2022

Pipeline Executive Felt Cornered by Ransomware Attack | Voice of America

The top executive for the biggest fuel pipeline operator in the United States told lawmakers he felt like he had no choice but to pay off hackers after a ransomware attack shut down operations along the East Coast. 

Testifying Tuesday before the Senate Homeland Security and Governmental Affairs Committee, Colonial Pipeline Chief Executive Joseph Blount took responsibility for agreeing to pay the Russian-based DarkSide Network approximately $5 million to minimize potentially disastrous delays to fuel delivery. 

“I know how critical our pipeline is to the country, and I put the interests of the country first,” Blount said. 

“It was the hardest decision I’ve made in my 39 years in the energy industry,” he added. “We wanted to stay focused on getting the pipeline back up and running. I believe with all my heart it was the right choice to make.” 

The May 7 DarkSide ransomware attack on Colonial Pipeline spawned fuel shortages and panic-buying across parts of the U.S., pushing prices higher as drivers hunted for gas stations that had not run out of fuel. 

FILE – A man with a gas container greets a motorist waiting in a lengthy line to enter a gasoline station during a surge in the demand for fuel following the cyberattack that crippled the Colonial Pipeline, in Durham, North Carolina, May 12, 2021.

U.S. law enforcement, including cyber experts at the Federal Bureau of Investigation (FBI), routinely warn companies against paying ransoms to hackers. But Blount said that even though the company was in contact with the FBI, he felt paying DarkSide was the most prudent option. 

“It was our understanding that the decision was solely ours as a private company,” he told lawmakers. “Considering the consequences of potentially not bringing the pipeline back on as quickly as I possibly could, I chose the ransom.” 

Blount said Colonial did not deal with DarkSide directly and instead hired legal experts and negotiators to act as intermediaries. The payment was delivered May 8 to the ransomware network in the form of the bitcoin cryptocurrency.  

In return, DarkSide provided Colonial with a decryption key that helped the company regain access to its systems and eventually resume operations, Blount said, noting that some systems are just now coming back online. 

Blount’s testimony comes just a day after the U.S. Justice Department and the FBI announced that they managed to track the ransom and recover the majority of the bitcoin, which was valued at about $2.3 million.  


U.S. Deputy Attorney General Lisa Monaco on Monday described the development as significant, boasting that law enforcement had “turned the tables” on the ransomware network. 

Former government officials, though, worry that while the development slashed the hackers’ profits, it could put the government and the private sector on a slippery slope. 

“I think it’s a bad public policy outcome,” Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told a virtual forum hosted by Aspen Digital on Tuesday. 

“I would really hesitate trying to make this sort of engagement mainstream,” he said. “It’s not the FBI’s job to go out there and claw back money from criminals once they’ve taken it.” 

FILE – A Colonial Pipeline station is seen in Smyrna, Ga., near Atlanta, May 11, 2021.

Other experts worry that companies, organizations and governments, like Colonial Pipeline, are putting themselves at a disadvantage. 

“With ransomware, the misconception is that there’s two options: pay criminals or don’t pay criminals,” said Raj Samani, co-founder of No More Ransom, an organization that distributes decryption keys for free. 

“Many of the decryptors that are developed by the ransomware groups are actually rubbish,” said Samani, who is also the chief scientist at McAfee, a U.S.-based cybersecurity company. “So, even if you pay a fee, you may not get your data back.” 

In the case of the Colonial Pipeline ransomware attack, the decryption key did allow the company to start getting some systems up and running.   

“It’s not a perfect tool,” Blount told lawmakers Tuesday, adding that the company is working to further harden its cyber defenses. 

Blount said DarkSide was able to access Colonial’s systems by exploiting a virtual private network (VPN) that was no longer in use and which was protected only by a single password. 

CISA recommends using what is known as multifactor authentication, which requires users to enter a password and then complete a second step, such as replying to a text message, in order to access critical systems.
 
