In an admittedly 'highly controversial' decision, Colonial Pipeline CEO Joseph Blount said he paid $4.4 million in ransom to the DarkSide hackers.
Blount made the explosive revelation in an interview with the Wall Street Journal hours after it was reported that scores of companies that paid millions to the hackers during the last one year. Reports said the collective ransom paid in the last year amounted to at least $90 million.
Large-Scale Chaos Across Supply Network
Report last week had speculated that Colonial, whose computer network was taken down earlier this week, resulting in large-scale chaos across its supply network. However, it was not clear how much was the ransom amount paid by the company.
Blount said it was not an easy decision to make. "I didn't make it lightly ... I will admit that I wasn't comfortable seeing money go out the door to people like this," he said in the interview.
"But it was the right thing to do for the country," Blount added.
Attack Discovered on May 7
Colonial Pipeline had said earlier that it discovered its systems were attacked on the morning of May 7. "In response to this incident, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems," Colonial said. "Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing," it added.
However, by then the Colonia's sprawling pipeline network had already been paralyzed across vast swathes of the United States. Colonial carries 45 percent of the fuel supplies for the eastern US. The pipeline is 8850 kms long and carries jet fuel and refined gasoline from the Gulf Coast to New York, transporting some 2.5 million barrels daily. It's systems went offline following the ransomware attacks, taking gas off the grid and causing a crippling gas shortage for several days.
Congress Panels Not Happy
Meanwhile, the leaders of the two key Congress committees expressed disappointment over the failure of Colonial to intimate the details of the attack and the ransom payment on time. It was disappointing that "the company refused to share any specific information regarding the reported payment of ransom during today's briefing," said Carolyn Maloney of New York, the chairwoman of the House Oversight and Reform Committee, and Bennie Thompson, the chairman of the Homeland Security Committee.
But Colonial defended the decision saying too much attention on the ransom payment would have encouraged the hackers to target more companies.
Hackers Made $90 Million in Year
It was reported on Wednesday that many companies were forced to pay ransom to DarkSide after crippling cyberattacks. According to Blockchain analytics firm Elliptic, the bitcoin wallet of DarkSide got millions of dollars worth of ransom payments in the last nine months. Over the last one year, the hackers made at least $90 million in ransom payments from 47 companies.
While the money extorted from each company varied, the average payment was around $1.9 million, the report said, citing Elliptic.
Some of the high-profile companies that came under attack were fashion label Guess and Toshiba, according to Dark web intelligence firm DarkTracer.
