Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers

Experts view the CEO's candidness about the hack as a benefit to the cyber security industry

Colonial Pipeline CEO Joseph Blount has confirmed the company has paid $4.4 million (£3.1 million) to cyber criminals that launched a ransomware attack against it earlier in the month.

According to the Wall Street Journal, Blount approved the payment as executives were unclear how extensive the attack was, how far it had penetrated systems, and the time it would take to bring company operations back to normal.

“I know that’s a highly controversial decision,” Blount told the Journal. “But it was the right thing to do for the country. I didn't make it (the decision) lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."

Blount said the company paid the ransom after consulting experts who’ve dealt with the DarkSide hacking group responsible for the attacks.

Cyber security firm Elliptic claimed Colonial Pipeline had paid a ransom of more than $5 million through an analysis of cryptocurrency wallet activity. Earlier this month, DarkSide claimed it shuttered its ransomware-as-a-service operation.

Lewis Jones, threat intelligence analyst at Talion, told ITPro that getting hit with ransomware doesn’t mean a company has failed. The threat is an unfortunate fact of life today. It doesn’t matter how strong your defenses are, attackers will continue to be creative and adapt new techniques to infiltrate defenses.

Related Resource

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Defend your organisation from evolving ransomware attacks - whitepaper from VeritasDownload now

“The fact that the CEO of Colonial Pipeline is speaking publicly about the company’s recent ransom payment is a very positive step and more companies should follow suit. The more companies open up about attacks and are transparent on the action they took when under attack, the more we can learn about cybercriminal techniques and build better defenses,” he said.

“Whilst it appears the CEO felt they had no further option, the surrendering and paying of ransom do further feed the issue by providing the attackers with more funds for better capability and more notoriety, which may fuel copycat tactics by other groups.”

Edgard Capdevielle, CEO of Nozomi Networks, told ITPro that ransomware is a reality that many organizations face today. By coming out and talking about the attack, the Colonial Pipeline CEO provides the security industry with invaluable intelligence into the cyber criminals’ techniques, helping drive more awareness around the threat and build better defenses.

“When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he said.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

BillQuick billing software exploit lets hackers deploy ransomware
Security

BillQuick billing software exploit lets hackers deploy ransomware

26 Oct 2021
Ransomware hit industrial sector the hardest in the third quarter
ransomware

Ransomware hit industrial sector the hardest in the third quarter

25 Oct 2021
Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021

Most Popular

UK spy agencies supercharge espionage efforts with AWS data deal
cloud computing

UK spy agencies supercharge espionage efforts with AWS data deal

26 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Cryptocurrency: Should you invest?
cryptocurrencies

Cryptocurrency: Should you invest?

27 Oct 2021