Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers

Colonial Pipeline CEO Joseph Blount has confirmed the company has paid $4.4 million (£3.1 million) to cyber criminals that launched a ransomware attack against it earlier in the month.

According to the Wall Street Journal, Blount approved the payment as executives were unclear how extensive the attack was, how far it had penetrated systems, and the time it would take to bring company operations back to normal.

“I know that’s a highly controversial decision,” Blount told the Journal. “But it was the right thing to do for the country. I didn't make it (the decision) lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."

Blount said the company paid the ransom after consulting experts who’ve dealt with the DarkSide hacking group responsible for the attacks.

Cyber security firm Elliptic claimed Colonial Pipeline had paid a ransom of more than $5 million through an analysis of cryptocurrency wallet activity. Earlier this month, DarkSide claimed it shuttered its ransomware-as-a-service operation.

Lewis Jones, threat intelligence analyst at Talion, told ITPro that getting hit with ransomware doesn’t mean a company has failed. The threat is an unfortunate fact of life today. It doesn’t matter how strong your defenses are, attackers will continue to be creative and adapt new techniques to infiltrate defenses.

“The fact that the CEO of Colonial Pipeline is speaking publicly about the company’s recent ransom payment is a very positive step and more companies should follow suit. The more companies open up about attacks and are transparent on the action they took when under attack, the more we can learn about cybercriminal techniques and build better defenses,” he said.

“Whilst it appears the CEO felt they had no further option, the surrendering and paying of ransom do further feed the issue by providing the attackers with more funds for better capability and more notoriety, which may fuel copycat tactics by other groups.”

Edgard Capdevielle, CEO of Nozomi Networks, told ITPro that ransomware is a reality that many organizations face today. By coming out and talking about the attack, the Colonial Pipeline CEO provides the security industry with invaluable intelligence into the cyber criminals’ techniques, helping drive more awareness around the threat and build better defenses.

“When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he said.