'I put the interests of the country first': Colonial Pipeline CEO on why oil biz paid off ransomware crooks
Mandiant investigation says crims gained access through legacy VPN
The boss of Colonial Pipeline has appeared before a Senate Committee to explain the events which led to US East Coast fuel supplies running dry last month and some $5m being handed over in ransom.
Speaking yesterday before the Senate Homeland Security Committee, Joseph Blount was quizzed about the incident before it became clear that a poorly secured legacy VPN was to blame.
Last week, Charles Carmakal, senior VP at cybersecurity firm Mandiant, which responded to the incident, revealed in an interview that crooks accessed Colonial Pipeline's network using an old VPN and password thought to have fallen into the wrong hands via the dark web, although investigations are still ongoing.
Speaking yesterday, Blount added that the password used to gain access to the VPN was "complex" – it wasn't just "colonial123", he told the hearing.
Giving an account of the events surrounding the 7 May cyberattack, Blount said he had no choice but to pay up once the scale of the breach was known.
"I know how critical our pipeline is to the country," Blount said in the hearing, "and I put the interests of the country first."
He went on: "I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible.
"It was the hardest decision I've made in my 39 years in the energy industry."
The operators of the Colonial Pipeline – which stretches 5,500 miles between Texas and New York, and can carry up to 3 million barrels of fuel per day – reportedly paid $5m to regain access to their systems.
As El Reg reported, the Department of Justice on Monday said it has recovered 63.7 Bitcoins, right now worth $2.1m and falling, of the 75 or so BTC the Colonial Pipeline operators paid the ransomware miscreants who infected the fuel provider's computers. ®