The chief executive of the pipeline operator that was temporarily crippled by a ransomware attack last month apologized to Americans. During testimony before a Senate panel on Tuesday, he acknowledged that Colonial Pipeline was susceptible to hackers and that it is still grappling with challenges caused by the infiltration.
“We are deeply sorry for the impact that this attack had,” CEO Joseph Blount Jr. said.
Fielding questions from members of the Senate Homeland Security and Governmental Affairs Committee, Blount addressed concerns about the company’s cybersecurity practices and its decision to pay the hackers a hefty seven-figure ransom.
The appearance was Blount’s first before Congress since the May 7 ransomware attack that forced the Georgia-based pipeline operator to temporarily halt operations. He is scheduled for a second hearing Wednesday before the House Homeland Security Committee.
Federal Bureau of Investigation (FBI) authorities said Russian-affiliated cybercriminals using DarkSide ransomware were behind the attack. The incursion forced Colonial to shut down its pipeline operation — the main conduit for gasoline and diesel fuel from the Gulf Coast to the East Coast — for six days. Colonial transports more than 100 million gallons of fuel daily. A panicked run on gasoline followed along with a surge in prices in several states. Thousands of gas stations temporarily ran out of fuel.
Colonial had not planned in advance for a ransomware attack specifically, Blount said. However, it had an emergency response plan in place. As part of that plan, the company contacted the FBI within hours of the attack, he said, helping to launch a timely investigation.
“We take cybersecurity very seriously,” Blount said.
Hackers nevertheless identified vulnerabilities. They broke into a legacy virtual private network (VPN) system that did not use multifactor authentication. Blount also said Colonial continues its work to fully recover from the attack, noting that it is trying to bring back several finance systems that have been offline for a month.
Blount defended Colonial’s decision to pay the ransom and keep it “as confidential as possible.” The company alerted the FBI but did not share news of the event with peers.
“I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running,” he said. “I believe with all my heart it was the right choice to make.”
On Monday, U.S. Justice Department officials said they had successfully seized millions of dollars in cryptocurrency that Colonial had paid to DarkSide affiliates. Colonial previously admitted it had paid the $4.4 million ransom in Bitcoin.
Deputy Attorney General Lisa Monaco said during a televised news conference that federal authorities tracked down and seized the Bitcoin account, capturing much of the ransom paid. Authorities said they recovered about 64 bitcoin, valued at roughly $2.3 million.
“Ransomware attacks are always unacceptable – but when they target critical infrastructure, we will spare no effort in our response,” Monaco said. “By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools, and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.”
The FBI has cautioned companies against paying ransoms, as doing so may encourage more attacks. However, Colonial said last month it could not risk an extended shutdown and determined it needed to pay the ransom.
“We needed to do everything in our power to restart the system quickly and safely,” the company said. “Tens of millions of Americans rely on Colonial – hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public.”
Blount reiterated that thinking Tuesday.
In the wake of the Colonial attack and several others – recently including a hospital system in California and the world’s largest meat processor – some lawmakers in Washington are considering a law that would make it illegal for companies to pay ransom.
Energy Secretary Jennifer Granholm said Sunday she supports such a law. In an interview on NBC’s “Meet the Press,” Granholm conceded it was too soon to say whether Congress or President Biden was prepared to take that route. However, she said paying ransoms only spurs more attacks.
“Everyone needs to wake up and up their game in terms of protecting themselves, but also in terms of telling the federal government if they are a target of attacks,” Granholm said. “Many of these private companies don’t want to let people know. They should not be paying ransomware, but they should be letting us know so we can protect the rest of the country.”
© 2021 Natural Gas Intelligence. All rights reserved.