The CEO of the company that controls the Colonial Pipeline has acknowledged for the first time publicly that he authorized a ransom payment to cybercriminals earlier this month. 


What You Need To Know

  • Colonial Pipeline Co. CEO Joseph Blount acknowledged for the first time publicly that he authorized a $4.4 million ransom payment to cybercriminals earlier this month

  • Blount told The Wall Street Journal that executives were unsure how badly the cyberattack had breached the company's systems or how long it would take to restore the pipeline

  • “I know that’s a highly controversial decision ... but it was the right thing to do for the country," Blount said

  • Blount said it will take months of restoration work to recover some business systems and that the attack will ultimately cost Colonial tens of millions of dollars

In an interview with The Wall Street Journal published Wednesday, Joseph Blount said he felt he had to pay the $4.4 million because executives were unsure how badly the cyberattack had breached Colonial Pipeline Co.’s systems or how long it would take to restore the pipeline, which provides about 45% of the fuel for the East Coast. 

“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.

“But it was the right thing to do for the country,” he added.

Colonial discovered the ransomware attack — in which hackers disable computer networks while demanding large payments — early on the morning of May 7 when an employee found a ransom note on a control-room computer. 

Blount concluded by that night that the company had to pay, as he took into account that the 5,500-mile pipeline, which stretches from Houston to Linden, New Jersey, was critical to the country’s energy supply.

The FBI advises companies victimized by ransomware hacks not to pay because doing so encourages future attacks, but some businesses do give in. 

U.S. officials have blamed the Eastern Europe-based hacking group DarkSide for the cyberattack, which shut down the pipeline for six days, resulting in thousands of  gas stations running out of fuel and gas prices hitting a 6½-year high.

Blount said he paid the ransom in consultation with experts who had previously dealt with DarkSide. In exchange for the payment, which was made in the form of bitcoin, the pipeline’s operators received a decryption tool, but that was not enough to immediately restore the pipeline’s systems, The Journal reported.

The company announced May 12 — five days after the hack — that it had restarted operations, and it was Monday before it said the pipeline had returned to transporting fuel at normal levels.

But Blount said it will take months of restoration work to recover some business systems and that the attack will ultimately cost Colonial tens of millions of dollars. He added that the company is still unable to bill customers.