‘The right choice to make’: Colonial Pipeline CEO defends decision to pay hackers’ $4.4M ransom

WASHINGTON — The head honcho of Colonial Pipeline testified Tuesday that he “put the interests of the country first” by paying more than $4 million to Russian cybercriminals, as it allowed for gasoline to start flowing to the Eastern Seaboard again after a ransomware attack caused a chaotic supply breakdown.

In his first public remarks since last month’s hack, Colonial CEO Joseph Blount testified before the Senate Homeland Security Committee that he essentially had no choice but to pay the $4.4 million ransom to a Russian hacking gang known as DarkSide despite the FBI advising against it.

“I know how critical our pipeline is to the country,” Blount said, adding he believes “with all my heart it was the right choice to make.”

Blount paid the ransom in Bitcoin within 24 hours of Colonial discovering on May 7 that the hackers had breached their computer systems and stolen critical company data.

Before issuing the payment, Colonial shut down its entire 5,500-mile pipeline — which runs from Texas to New York and supplies nearly the entire East Coast with fuel — for fear that the hackers could compromise the company’s operating technology and cause longer-lasting damage to supply chains.

“If there was a 1% chance that that OT system was compromised, it was worth shutting the pipeline system down,” Blount said.

Even though the shutdown lasted less than 48 hours, fuel shortages and panic buying ensued, with some desperate drivers getting into fistfights and even hauling fuel in plastic bags.

Joseph Blount Jr., President and Chief Executive Officer, Colonial Pipeline, attends a hearing to examine threats to critical infrastructure, focusing on examining the Colonial Pipeline cyber attack at the US Capitol in Washington, DC on June 8, 2021. (GRAEME JENNINGS)

The FBI and other federal law enforcement agencies generally tell companies not to pay ransoms in cyberattacks for fear that the criminals may not provide the keys to unscramble stolen data. Authorities warn that cash prizes could encourage future hacks and help bankroll criminal networks, many of which are based in Russia and Eastern Europe.

But the Justice Department announced Monday that the U.S. government had recovered more than $2 million of the ransom paid by Colonial, and Blount said he’s ultimately proud of his decision.

“It was the hardest decision I’ve made in my 39 years in the energy industry,” he said.

Blount’s testimony comes as Congress is weighing possible measures to address an uptick in cyberattacks on both public and private sector entities, including recent hacks of New York City’s Metropolitan Transportation Authority and Law Department, as well as the SolarWinds ransomware assault that impacted several executive branch agencies last year.

“We’ve got to recognize these ransomware attacks for what they are. It’s a serious national security threat,” Sen. Rob Portman (R-Ohio) said during the hearing. “Attacks against critical infrastructure are not just attacks on companies. They are attacks on our country itself.”

Senators and Blount both suggested the Colonial attack could have led to even greater disruptions.

Blount said he worried what would happen to emergency responders such as firefighters, police and ambulance drivers if fuel services weren’t restored rapidly.

Sen. James Lankford looks on as Blount testifies. (ANDREW CABALLERO-REYNOLDS)

Since the hack, the federal government has stepped up requirements for operators of critical infrastructure such as pipelines.

Senate Homeland Security Chairman Gary Peters (D-Mich.) suggested Congress should consider adding additional requirements or passing legislation to help companies be better prepared.

“The next time an incident like this happens, unfortunately, it could be even worse,” Peters said.

Senators mostly treated Blount gently, but Sen. Josh Hawley (R-Mo.) raised the idea that Colonial is more worried about paying profits to shareholders such as Shell Oil and Koch Industries.

The GOP senator noted that in 2018, the company paid its shareholders $670 million. He asked Blount how much the firm spends each year on cybersecurity.

“What are you doing in terms of your investment for cybersecurity? I know you’re paying your investors well,” Hawley asked.

Blount did not give a specific number, though he said Colonial has spent about $200 million over the last five years on its IT systems.

“Our owners have never denied us any opportunity to spend what we need to spend in order to keep the pipeline safe and secure,” Blount said.
