The operator of the Colonial Pipeline learned it was in trouble at daybreak on May 7, when an employee found a ransom note from hackers on a control-room computer. By that night, the company’s chief executive officer came to a difficult conclusion: He had to pay.
Joseph Blount,
CEO of Colonial Pipeline Co., told The Wall Street Journal that he authorized the ransom payment of $4.4 million because executives were unsure how badly the cyberattack had breached its systems, and consequently, how long it would take to bring the pipeline back.
Mr. Blount acknowledged publicly for the first time that the company had paid the ransom, saying it was an option he felt he had to exercise, given the stakes involved in a shutdown of such critical energy infrastructure. The Colonial Pipeline provides roughly 45% of the fuel for the East Coast, according to the company.
“I know that’s a highly controversial decision,” Mr. Blount said in his first public remarks since the crippling hack. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
“But it was the right thing to do for the country,” he added.
In return for the payment—made in the form of bitcoin, about 75 in all, according to a person familiar with the matter—the company received a decryption tool to unlock the systems that hackers penetrated. While it proved to be of some use, it ultimately wasn’t enough to immediately restore the pipeline’s systems, the person said.
The pipeline, which transports gasoline, diesel, jet fuel and other refined products from the Gulf Coast to Linden, N.J., wound up being shut down for six days. The stoppage spurred a run on gasoline along parts of the East Coast that pushed prices to the highest levels in more than 6 ½ years and left thousands of gas stations without fuel.
East Coast stockpiles of gasoline dropped by about 4.6 million barrels last week, the steepest weekly drop since late February, Energy Department data showed.
For years, the Federal Bureau of Investigation has advised companies not to pay when hit with ransomware, a type of code that takes computer systems hostage and demands payment to have files unlocked. Doing so, officials have said, would…
Read More: Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom