Colonial Pipeline CEO Joseph Blount said it was the "hardest decision" of his career to pay ransom to cyberattackers who targeted the critical East Coast fuel source last month. Pool photo by Andrew Cabellero-Reynolds/UPI
June 8 (UPI) -- Colonial Pipeline CEO Joseph Blount said Tuesday that choosing to pay a ransom to cyberattackers who shut down the source of fuel to much of the East Coast last month was the most difficult decision of his time leading the company.
Blount testified before the Senate Committee on Homeland Security and Governmental Affairs about the attack that shut down the pipeline, which provides 45% of the East Coast's fuel supply. The shutdown prompted gas shortages and panic buying, and cost the company $4.4 million in ransom.
The cybercriminal organization DarkSide exploited security weaknesses in the company to encrypt crucial files while threatening to release them online.
Blount said that the company chose to shut down the pipeline network as it was not sure of the extent of the attack and that he chose to pay the ransom in order to "have every tool available to us to swiftly get the pipeline back up and running" despite general recommendations from the FBI and Department of Homeland Security to avoid paying cybercriminals.
"I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible," Blount said. "It was the hardest decision I made in my 39 years in the energy industry and I know how critical our pipeline is to the country, and I put the interest of the country first."
On Monday, the Justice Department announced that its new Ransomware and Digital Extortion Task Force, established in the wake of the cyberattack, was able to recover $2.3 million of the ransom.
The shutdown resulted in a hike in gas prices that lasted about a week and prompted several state governments to declare states of emergency as people rushed to fill their tanks.
In his prepared testimony, Blount apologized for the impact of the attack while urging public and private sectors to make further strides to develop tools and intelligence to prevent ransomware attacks, noting that "being extorted by criminals is not a position any company wants to be in."
"We are deeply sorry for the impact that this attack had but are heartened by the resilience of our country and of our company," he said.
Blount said that hackers exploited an old VPN profile, which cybersecurity firm FireEye said lacked multi-factor authentication, making it more susceptible to attack. Multi-factor authentication requires a secondary passcode in addition to a password.
"It was a complicated password ... I want to be clear on that ... it was not a 'colonial123'-type password," he said.
In response to questions from lawmakers about Colonial's cyberattack preparedness, Blount said the company has invested more than $200 million into its IT systems in the past five years, including more than $1.5 million in system integrity, and that its board of directors had never denied funding for cybersecurity requested by its chief information officer.
"Colonial Pipeline can -- and we will -- continue investing in cybersecurity and strengthening our systems," Blount said. "But criminal gangs and nation states are always evolving, sharpening their tactics and working to find new ways to infiltrate the systems of American companies and the American government. These attacks will continue to happen and critical infrastructure will continue to be a target."
Blount said the federal government and private companies must both work to combat further attacks.
"If we look at the number of incidents that are taking place today, throughout the world, let alone America, private industry alone can't do everything, can't solve the problem totally by themselves," he said. "So the partnership between private and government is very important to fight this ongoing [onslaught] of cyberattacks around the world."