The boss of a critical East Coast fuel line has admitted he authorized a multimillion-dollar payment to a ransomware group that compromised the organization earlier this month.
Affiliates working with the DarkSide group were blamed by the FBI for the attack, which forced operational systems offline — leading to major fuel shortages across much of America and rising prices for several days.
Colonial Pipeline CEO Joseph Blount reportedly admitted that the decision was not taken lightly but was done in the national interest.
“Tens of millions of Americans rely on Colonial: hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public,” a spokesperson confirmed to The Guardian.
Its report revealed that rapid action from Colonial’s IT team to shut down systems following the incursion prevented the malware’s spread to operational controls.
However, the payment was apparently made as the firm didn’t know the extent of the damage or the group’s footprint inside its network.
Americans are still being affected by the incident. Although the pipeline was only out of action for five days, restarting on May 12, the company warned on Tuesday, “it will take some time for the fuel supply chain to fully catch-up.”
Experts welcomed the company’s openness in talking about the incident.
“No company or CEO should be shamed for this. Instead, we should learn from these incidents to understand how attackers got in, what data was actually returned and what could have been done differently to secure a different outcome,” argued Lewis Jones, threat intelligence analyst at Talion.
“Attackers collaborate on their attacks, and the only way to get ahead of them is to collaborate on our defenses.”
Edgard Capdevielle, CEO of Nozomi Networks, added that ransomware breaches are rapidly becoming a case of “when, not if” for organizations.
“Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he added.
However, criticism has been leveled in the past at organizations that pay ransomware groups, as it’s seen as perpetuating the problem by encouraging more attacks.