Saturday, June 12, 2021

Colonial Pipeline CEO testifies on first hours of ransomware attack


Image showing the Colonial Pipeline Houston Station facility in Pasadena, Texas (East of Houston) taken on May 10, 2021. Francois Picard | AFP | Getty Images

WASHINGTON — The president and CEO of the Colonial Pipeline Company will give a public account on Tuesday of the initial hours after a ransomware attack on his company May 7 that crippled gas delivery up and down the East Coast.

Joseph Blount, Jr. will tell members of the Senate Homeland Security and Governmental Affairs Committee that the company first learned of the attack shortly before 5:00 A.M. on Friday, May 7, when an employee discovered a ransom note on a system in the IT network.

The company had been attacked by a ransomware program created by DarkSide, a cyber criminal group believed to operate out of Russia. The note demanded approximately $5 million for unlocking the company’s files.

Shortly after discovering the ransom note, Blount will tell senators, the Colonial Pipeline employee notified a supervisor, and the decision was made to immediately halt the entire pipeline.

“At approximately 5:55 A.M. employees began the shutdown process,” Blount will say, according to his prepared testimony. “By 6:10 A.M., they confirmed that all 5,500 miles of pipelines had been shut down.”

The decision to shut down the entire pipeline was driven by “the imperative to isolate and contain the attack to help ensure the malware did not spread to the Operational Technology network, which controls our pipeline operations, if it had not already,” Blount will say.

The shutdown caused major disruptions to gas delivery up and down the East Coast, as trucks struggled to restock gas stations, and long lines developed at pumps.

Blount’s testimony reveals for the first time just how quickly the company decided to suspend operations, and it provides new details about the first few days after the attack.

The company believes attackers “exploited a legacy virtual private network profile that was not intended to be in use,” but added that they are “still trying to determine how the attackers gained the needed credentials to exploit it.”

Blount will testify about the approximately $5 million in ransom that the company paid to the DarkSide hackers.

“I made the decision that Colonial Pipeline would pay the ransom to have every tool available to us to swiftly get the pipeline back up and running,” he will say. “It was one of the toughest decisions I have had to make in my life.”

“At the time, I kept this information close hold because we were concerned about operational security and minimizing publicity for the threat actor,” Blount will say.

“We took steps in advance of making the ransom payment to follow regulatory guidance and we have explained our course of dealings with the attackers to law enforcement,” he will explain, without detailing what those “steps” were.

The day before Blount testified, U.S. law enforcement officials announced that they were able to recover $2.3 million in bitcoin from the hacker group.

Blount will also tell senators that the company contacted the FBI within hours of discovering the attack.

This is a developing news story, please check back for updates.



