Colonial Pipeline’s CEO has publicly admitted to paying the DarkSide ransomware gang, providing the first account of how the largest cyberattack on US infrastructure to date unfolded. Colonial CEO Joseph Blount said the company paid the attackers $4.4 million within hours of the attack crippling key corporate systems, yet the pipeline still remained offline for nearly a week.
‘I know that’s a highly contentious decision,’ Blount said of paying a ransom to the gang that crippled the 5,500-mile pipeline system, which supplies gasoline, diesel, and jet fuel to the East Coast. His remarks are the company’s first public acknowledgement of the ransom payment.
The attack began at 5.30 a.m. on May 7, when an employee of the Georgia-based company discovered a ransom note from hackers on a control-room computer. Blount was notified less than a half-hour later, as he was getting ready to go to work, after the control-room worker raised the alarm to management.
As the company investigated how deeply the attackers had penetrated its systems, it began to halt the pipeline’s flow. Colonial took about an hour to shut down the 5,500-mile network, which stretches from the Houston refinery hub to New York Harbor and has 260 delivery points. Blount said it was the first time in the pipeline’s 57-year history that the entire system had been shut down at once.
Colonial maintains that the ransomware did not reach its operational control systems; the pipeline was shut down as a precaution, out of safety concerns and to keep the ransomware from spreading from the corporate IT network into those systems. Employees were instructed not to log on to the corporate network while the company’s IT systems were locked down. Colonial officials began urgently calling the FBI and the Cybersecurity and Infrastructure Security Agency.
By nightfall, Blount had decided to meet the attackers’ demands, telling The Wall Street Journal that he felt he had no other choice because the pipeline carries about 45 percent of the East Coast’s fuel supply. Blount said the company did not know how deeply the attackers had penetrated its systems or how long restoration would take, which in his view left him no option but to pay.
The FBI and cybersecurity experts have repeatedly warned businesses against paying extortion demands, warning that doing so only encourages further attacks. Colonial consulted experts who had previously assisted DarkSide victims before paying the $4.4 million ransom in Bitcoin on May 7. In exchange for the payment, the attackers sent a decryption key and a tool to unlock the encrypted systems.
While the tool helped, it was not sufficient on its own to fully restore the company’s systems. Days of chaos followed, sweeping across the Southeast. The pipeline was shut down for six days in all, causing fuel shortages from Baltimore to Mississippi, with some 16,000 gas stations running dry.
With digital monitoring unavailable, 300 Colonial employees had to physically patrol the 5,500-mile network, looking for signs of damage. As the days passed, the outage grew into a national crisis.
The Energy Department served as the company’s federal liaison, with Energy Secretary Jennifer Granholm receiving regular updates to help guide the federal response. As the crisis reached a fever pitch last Wednesday, President Joe Biden addressed the nation, promising “good news” within a day. Colonial announced last Thursday that it had resumed operations and fuel deliveries to all markets after shutting down the line for a week due to the cyberattack.
However, outages have continued as suppliers race to meet demand and restock stations that have run dry. On Wednesday morning, 61 percent of gas stations in Washington, DC were still out of gas, as were more than a third of stations in North Carolina, South Carolina, and Georgia. Blount said that over the past five years Colonial has invested approximately $1.5 billion in maintaining the integrity of its 5,500-mile pipeline system, along with $200 million in information technology.
Although the pipeline’s flow has returned to normal, Blount estimates that fully restoring the company’s systems will take months and cost Colonial tens of millions of dollars.