Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’

The chief executive has confirmed the payment of a $4.4 million ransom.
Written by Charlie Osborne, Contributing Writer

The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the "right thing to do for the country."

Speaking to the Wall Street Journal, Colonial Pipeline CEO Joseph Blount acknowledged that a $4.4 million ransom demand was paid after a ransom note was found by an employee on the firm's systems on May 7. 

Alpharetta, Georgia-based Colonial Pipeline was forced to close down its pipeline operations and IT systems following a ransomware attack launched by DarkSide ransomware operators. 

Colonial Pipeline says it provides approximately 45% of the East Coast's fuel, including gasoline, diesel, and military supplies. 

The public disclosure of the incident prompted panic-buying in some cities across the United States, the price of gas rose, and despite pleas for customers not to panic, a number of gas stations reported themselves as running dry.

It took the best part of a week for Colonial Pipeline to restore both main and small lateral fuel lines as the company worked to keep the hardest-hit areas supplied as best as it could. 

With Colonial Pipeline being a core energy infrastructure asset of the US, the chief executive said that he authorized the $4.4 million payment due to "the stakes involved," according to the WSJ.

At the time, the company was not sure of the scope of the attack and how long the pipelines would be out of operation.

DarkSide was a double-extortion group: confidential information is stolen during the cyberattack and before systems are encrypted, since encryption is the step that would alert victim organizations to the attackers' presence. If victims refuse to pay for a decryption key, the cybercriminals then threaten to expose the stolen information publicly on a leak site.

Blount acknowledged that paying up was a "highly controversial" decision and not one to be "made lightly." However, the CEO said it was the right thing to do considering the potential energy supply implications to the United States. 

The FBI confirmed that a DarkSide operator was responsible for the attack. 

DarkSide, a ransomware-as-a-service (RaaS) affiliate operation, has since lost control of its blog and servers, effectively closing down the criminal outfit -- at least, in its current form. 

According to Elliptic, DarkSide operators raked in over $90 million in cryptocurrency ransom payments from at least 47 victims. 

US President Joe Biden has since signed an executive order to improve federal security requirements. 
