Colonial Pipeline CEO Joseph Blount Jr. told a Senate committee on Tuesday (06/08/2021) that the company paid a $5 million ransom one day after a suspected Russia-based ransomware attack hit its IT network and disabled its fuel delivery pipeline system.
As quoted by CNBC on Wednesday (9/6/2021), Blount gave members of the US Homeland Security Committee and Senate Government Affairs the chronology and details of the ransomware attack that hit his company.
He said Colonial Pipeline only learned of the attack shortly before 5 a.m. on Friday, May 7, 2021, when an employee discovered a ransom note on a system on the company's IT network.
DarkSide Is the Perpetrator
The company was attacked with a ransomware program created by DarkSide, a cybercriminal group believed to operate out of Russia. The note said the hackers had “exfiltrated” material from the company’s internal drives, and demanded about $5 million in exchange for the files.
Blount said that shortly after finding the ransom note, the company decided to shut down the entire fuel pipeline.
“At around 5:55 a.m. employees began the shutdown process. At 6:10 a.m., they confirmed that all 5,500 miles of pipeline had been closed,” Blount wrote.
The decision to close the entire pipeline was driven by the need to isolate and contain the attack, to help ensure the malware did not spread to the company’s operational technology network, which controls its pipeline operations, if it had not already. The closure caused major disruption to the gas shipments the company carries.
Blount also testified about a ransom of about $5 million the company paid the DarkSide hackers. He revealed that Colonial Pipeline paid the ransom one day after the company was hit.
“I made the decision that Colonial Pipeline would pay a ransom for every tool available to us to quickly get the pipeline back up and running,” Blount said.
“It was one of the toughest decisions I had to make in my life. At the time, I kept this information because we were concerned about operational security and minimizing publicity to threat actors,” he said.