The CEO of Colonial Pipeline, Joseph Blount, claims he did not follow the FBI’s advice and paid over a $4.4 million ransom to the hackers called DarkSide because “it was the right thing to do for the country.” He moved to pay the ransom on the same day the company learned of the hacking, he said in a report published by the Wall Street Journal on Wednesday.
Blount decided to pay the ransom after he consulted with the experts who had dealt with DarkSide before. However, he declined to name the experts he consulted, the Journal reported.
“I know that’s a highly controversial decision,” Blount told the Journal in what were his first public remarks since the hack. “I didn’t take it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
The FBI advises businesses not to pay when hit by malicious software that locks up a user’s data. In a ransomware attack, the hackers demand a ransom before they unlock or return the affected data. Paying a ransom creates an incentive for more attacks and supports criminal groups, according to the FBI.
“The FBI does not support paying a ransom in response to a ransomware attack,” the FBI’s website says plainly. “It [paying ransom] also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
The cyberattack on the pipeline caused a shutdown of one of the largest US oil pipelines for six days. The incident resulted in panic buying of gas and fuel shortages across the Southeast.
The hackers provided a decryption tool to Colonial to unlock the crippled systems in exchange for the payment. However, the company was still not able to restore its operations fully.
The Alpharetta, Georgia-based company still cannot bill customers because the hack caused issues with its financial system. Blount said Colonial’s overall hit is estimated to be in the tens of millions of dollars.