May 19, 2021
Colonial Pipeline CEO confirms company ransom to hackers: WSJ
Cybersecurity market exponentially growing: Equity analyst
Colonial Pipeline Co. confirmed on Wednesday that it paid hackers US$4.4 million in ransom after suffering a devastating cyberattack that took the U.S.’s largest fuel pipeline offline.
Chief Executive Officer Joseph Blount confirmed the payment in an interview with the Wall Street Journal, saying he authorized it because executives weren’t sure how badly the attack had breached its systems or how long it would take to bring the pipeline back. Bloomberg News reported last week that Colonial Pipeline paid the ransom on May 7, shortly after the hackers had infected some of its network with ransomware.
“I know that’s a highly controversial decision,” Blount said in the interview. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
“But it was the right thing to do for the country,” he said. The FBI advises companies and other organizations targeted by ransomware not to pay the hackers, since it encourages more attacks.
U.S. lawmakers expressed frustration on Tuesday that Colonial hadn’t told lawmakers whether it paid the ransom. “We’re disappointed that the company refused to share any specific information regarding the reported payment of ransom during today’s briefing,” Representatives Bennie Thompson, Democrat from Mississippi, and Carolyn Maloney, Democrat from New York, said in a statement yesterday. “In order for Congress to legislate effectively on ransomware, we need this information.”
Thompson is the chairman of the Committee on Homeland Security, and Maloney is chairwoman of the Committee on Oversight and Reform.