Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers

Experts view the CEO's candidness about the hack as a benefit to the cyber security industry

Colonial Pipeline CEO Joseph Blount has confirmed the company has paid $4.4 million (£3.1 million) to cyber criminals that launched a ransomware attack against it earlier in the month.

According to the Wall Street Journal, Blount approved the payment as executives were unclear how extensive the attack was, how far it had penetrated systems, and the time it would take to bring company operations back to normal.

“I know that’s a highly controversial decision,” Blount told the Journal. “But it was the right thing to do for the country. I didn't make it (the decision) lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."

Blount said the company paid the ransom after consulting experts who’ve dealt with the DarkSide hacking group responsible for the attacks.

Cyber security firm Elliptic claimed Colonial Pipeline had paid a ransom of more than $5 million through an analysis of cryptocurrency wallet activity. Earlier this month, DarkSide claimed it shuttered its ransomware-as-a-service operation.

Lewis Jones, threat intelligence analyst at Talion, told ITPro that getting hit with ransomware doesn’t mean a company has failed. The threat is an unfortunate fact of life today. It doesn’t matter how strong your defenses are, attackers will continue to be creative and adapt new techniques to infiltrate defenses.

Related Resource

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Defend your organisation from evolving ransomware attacks - whitepaper from VeritasDownload now

“The fact that the CEO of Colonial Pipeline is speaking publicly about the company’s recent ransom payment is a very positive step and more companies should follow suit. The more companies open up about attacks and are transparent on the action they took when under attack, the more we can learn about cybercriminal techniques and build better defenses,” he said.

“Whilst it appears the CEO felt they had no further option, the surrendering and paying of ransom do further feed the issue by providing the attackers with more funds for better capability and more notoriety, which may fuel copycat tactics by other groups.”

Edgard Capdevielle, CEO of Nozomi Networks, told ITPro that ransomware is a reality that many organizations face today. By coming out and talking about the attack, the Colonial Pipeline CEO provides the security industry with invaluable intelligence into the cyber criminals’ techniques, helping drive more awareness around the threat and build better defenses.

“When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he said.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021