Colonial Pipeline CEO Joseph Blount said Tuesday that his company paid hackers a $4.4 million ransom a day after discovering malware on its systems in early May. The company also hired outside consultants to handle negotiations with the hackers, who were paid in the bitcoin cryptocurrency.
Blount, who was testifying before the Senate Committee on Homeland Security and Governmental Affairs, said the decision to pay the ransom on May 8 was made by the company itself. Federal authorities, however, were notified of the hack within hours of its discovery.
“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running.”
The testimony comes a day after the FBI said it had recovered millions of dollars in bitcoin paid to the DarkSide ransomware gang, which attacked the pipeline last month, prompting a shutdown of the East Coast’s main fuel-supply artery. The stoppage led to gasoline hoarding and soaring prices as motorists filled tanks amid uncertainty about supplies.
On Monday, the DOJ said it seized 63.7 bitcoins valued at a total of about $2.3 million, part of the ransom demanded by DarkSide. The criminal enterprise, which has since said it disbanded, is thought to be based in Russia.
The hack promoted the government to issue new cybersecurity regulations for operators of pipelines. The new security directive, issued by the DHS Transportation Security Administration, requires critical pipeline companies to report confirmed and potential cyberattacks to the US Cybersecurity and Infrastructure Security Agency. The directive also requires pipeline companies to undertake a review of their current security practices to identify any risks or gaps. Companies must report results of these reviews to the TSA and CISA within 30 days.