Colonial Pipeline CEO confirms $4.4 million payment to DarkSide hackers
Experts view the CEO's candidness about the hack as a benefit to the cyber security industry


Colonial Pipeline CEO Joseph Blount has confirmed the company has paid $4.4 million (£3.1 million) to cyber criminals that launched a ransomware attack against it earlier in the month.
According to the Wall Street Journal, Blount approved the payment as executives were unclear how extensive the attack was, how far it had penetrated systems, and the time it would take to bring company operations back to normal.
“I know that’s a highly controversial decision,” Blount told the Journal. “But it was the right thing to do for the country. I didn't make it (the decision) lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."
Blount said the company paid the ransom after consulting experts who’ve dealt with the DarkSide hacking group responsible for the attacks.
Cyber security firm Elliptic claimed Colonial Pipeline had paid a ransom of more than $5 million through an analysis of cryptocurrency wallet activity. Earlier this month, DarkSide claimed it shuttered its ransomware-as-a-service operation.
Lewis Jones, threat intelligence analyst at Talion, told ITPro that getting hit with ransomware doesn’t mean a company has failed. The threat is an unfortunate fact of life today. It doesn’t matter how strong your defenses are, attackers will continue to be creative and adapt new techniques to infiltrate defenses.
RELATED RESOURCE
Defend your organisation from evolving ransomware attacks
Learn what it takes to reduce risk and strengthen operational resiliency
“The fact that the CEO of Colonial Pipeline is speaking publicly about the company’s recent ransom payment is a very positive step and more companies should follow suit. The more companies open up about attacks and are transparent on the action they took when under attack, the more we can learn about cybercriminal techniques and build better defenses,” he said.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“Whilst it appears the CEO felt they had no further option, the surrendering and paying of ransom do further feed the issue by providing the attackers with more funds for better capability and more notoriety, which may fuel copycat tactics by other groups.”
Edgard Capdevielle, CEO of Nozomi Networks, told ITPro that ransomware is a reality that many organizations face today. By coming out and talking about the attack, the Colonial Pipeline CEO provides the security industry with invaluable intelligence into the cyber criminals’ techniques, helping drive more awareness around the threat and build better defenses.
“When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
AI coding tools are booming – and developers in this one country are by far the most frequent users
News AI coding tools are soaring in popularity worldwide, but developers in one particular country are among the most frequent users.
-
Cisco warns of critical flaw in Unified Communications Manager – so you better patch now
News While the bug doesn't appear to have been exploited in the wild, Cisco customers are advised to move fast to apply a patch
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years