Pipeline Executive Felt Cornered By Ransomware Attack | Voice of America
The chief executive of the largest fuel pipeline operator in the United States told lawmakers he felt he had no choice but to pay the hackers after a ransomware attack took hold and the company shut down operations along the East Coast.
Testifying before the Senate Committee on Homeland Security and Governmental Affairs on Tuesday, Colonial Pipeline chief executive Joseph Blount said he agreed to pay the Russia-based DarkSide group approximately $5 million to minimize potentially disastrous fuel delivery delays.
“I know how essential our pipeline is to the country, and I put the country’s interests first,” Blount said.
“It was the most difficult decision I have made in 39 years in the energy industry,” he added. “We wanted to stay focused on getting the pipeline back on track. I believe with all my heart that was the right choice to make.”
The May 7 DarkSide ransomware attack on Colonial Pipeline sparked fuel shortages and panic buying in parts of the United States, pushing prices up as drivers scouted for gas stations that still had fuel.
U.S. law enforcement agencies, including cyber experts from the Federal Bureau of Investigation (FBI), routinely warn companies against paying ransoms to hackers. But Blount said that even though the company was in contact with the FBI, he felt paying DarkSide was the more prudent option.
“We understood that the decision was up to us only as a private company,” he told lawmakers. “Given the consequences of not being able to get the pipeline back up and running as quickly as possible, I chose the ransom.”
Blount said Colonial did not deal directly with DarkSide and instead hired legal experts and negotiators to act as intermediaries. The payment was sent to the ransomware group on May 8 in bitcoin.
In return, DarkSide provided Colonial with a decryption tool that helped the company regain access to its systems and begin resuming operations, Blount said, noting that some systems were only just coming back online.
Blount's testimony came a day after the U.S. Department of Justice and the FBI announced that they had succeeded in tracing the ransom and recovering the majority of the bitcoin, valued at around $2.3 million.
U.S. Deputy Attorney General Lisa Monaco on Monday called the recovery an important development, saying that law enforcement had "turned the tide" on the ransomware network.
Some former government officials, however, fear that even if the recovery cut into the hackers' profits, it could put government and the private sector on a slippery slope.
“I think this is a bad public policy outcome,” Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), said Tuesday at a virtual forum hosted by Aspen Digital.
“I would really hesitate to try to generalize this kind of commitment,” he said. “It’s not the FBI’s job to go out there and get the money from the criminals once they get it.”
Other experts fear that victims that pay, whether companies, other organizations or governments like those affected alongside Colonial Pipeline, are putting themselves at a disadvantage.
"With ransomware, the misconception is that there are two options: pay the criminals or not pay the criminals," said Raj Samani, co-founder of No More Ransom, an organization that distributes decryption keys for free.
"A lot of the decryptors developed by the ransomware groups are actually garbage," said Samani, who is also the chief scientist at McAfee, a U.S.-based cybersecurity company. "So even if you pay a fee, you may not get your data back."
In the case of the Colonial Pipeline attack, the decryption tool allowed the company to start restoring some systems.
“It’s not a perfect tool,” Blount told lawmakers on Tuesday, adding that the company was working to further strengthen its cyber defenses.
Blount said DarkSide gained access to Colonial's systems through a legacy virtual private network (VPN) account that was no longer in use and was protected only by a single password.
CISA recommends what is known as multi-factor authentication, which requires users to enter a password and then complete a second step, such as entering a one-time code from a text message or an authenticator app, before they can access critical systems.