Colonial Pipeline CEO Confirms Ransom Payment

The CEO of Colonial Pipeline has publicly confirmed what everyone already knew, that his firm had paid the DarkSide criminal gang its ransom demand.

Paying criminals like DarkSide goes against the advice of security experts and law enforcement agencies, as it only encourages other ransomware attacks and does not guarantee that systems will be recovered.

Earlier this week security researchers at London-based Eliptic identified the Bitcoin digital wallet used by DarkSide to extract ransoms from their victims.

Elliptic also revealed DarkSide and its affiliates had bagged at least $90 million in bitcoin ransom payments in total from various ransomware victims.

Ransom paid

And now Joseph Blount, Colonial Pipeline’s CEO, has admitted to adding to the coffers of the DarkSide criminals.

He told the Wall Street Journal he had authorised the ransom payment of $4.4 million (75 Bitcoin), because executives were unsure how badly the cyberattack had breached its systems, and consequently, how long it would take to bring the pipeline back.

“This decision was not made lightly,” but it was one that had to be made, a company spokesman was quoted by the Guardian newspaper as saying. “Tens of millions of Americans rely on Colonial: hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public.”

“I know that’s a highly controversial decision,” Blount reportedly said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

“But it was the right thing to do for the country,” he said.

Blount said Colonial had paid the ransom in consultation with experts who previously dealt with DarkSide, which rents out its ransomware to partners to carry out the actual attacks.

Various media reports have stated that despite Colonial paying the ransom, some systems are still offline, namely billing and communications systems.

Pipeline takedown

On Friday 7 May a major pipeline (Colonial Pipeline) in the United States was attacked by DarkSide, causing widespread fuel shortages on the US east coast.

Indeed, so serious was the attack that the US government engaged emergency powers and US President Joe Biden received “personal briefings” about the cyberattack.

The Colonial Pipeline runs between Texas and New Jersey and is 5,500 mile long.

It carries 2.5 million barrels a day, which translates to 45 percent of the fuel supply for the US East Coast. It includes diesel, petrol and jet fuel.

It serves 90 US military installations and 26 oil refineries, as well as Atlanta airport – a busy regional airhub for America.

The devastation after the attack caused DarkSide, a criminal gang located in either Russia or Eastern Europe, to publicly declare they were not carrying out the attack for political purposes, but rather were just seeking to make money.

The British Foreign Secretary Dominic Raab warned Russia that it cannot continue to shelter criminal gangs carrying out ransomware attacks on Western nations.

US retaliation?

Last week DarkSide reportedly closed down, after unknown actors shut down the servers of the group.

US cyber security firm Recorded Future said that Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.

Although there is speculation this may be an attempt by DarkSide to escape the heat that its pipeline hack has generated.

That said, it has been reported that the US military’s Cyber Command may have downed DarkSide, after the Twitter account of the Pentagon’s 780th Military Intelligence Brigade, a hacking unit, had retweeted the Recorded Future report shortly after it came out.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

1 day ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

1 day ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

1 day ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

1 day ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

1 day ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

1 day ago