Colonial Pipeline CEO Confirms $4.4 Million Ransom Payment to Hackers
In mid-May 2021, Colonial Pipeline, the largest fuel pipeline operator in the United States, suffered a ransomware attack by the DarkSide group. The attack disrupted the supply of gasoline, diesel, jet fuel, and other petroleum products, and a state of emergency was declared in several states.
The incident forced Colonial Pipeline to temporarily halt operations. The company transports petroleum products between refineries on the Gulf Coast and markets in the southern and eastern United States. Its pipeline, stretching 5,500 miles, carries up to 2,500,000 barrels per day—about 45% of all fuel consumed on the East Coast.
Late last week, Bloomberg, citing anonymous sources, reported that the company paid the hackers a ransom of $5 million. Although earlier reports from The Washington Post and Reuters claimed the company did not intend to negotiate with the attackers, Bloomberg stated that this information was inaccurate.
Almost simultaneously with these reports, Colonial Pipeline managed to restore normal operations, and fuel deliveries resumed at regular volumes.
Today, Colonial Pipeline CEO Joseph Blount officially confirmed to the Wall Street Journal that the company paid the hackers a ransom of $4.4 million in Bitcoin. According to Blount, this was necessary to recover from the ransomware attack as quickly as possible, given its impact on critical energy infrastructure. He described the ransom payment as “the right thing to do for the country.”
“I know this was a highly controversial decision. It wasn’t easy for me to do. I admit, it was uncomfortable watching money go to such people,” Blount said, noting that the ransom was paid on May 7.
Ultimately, the company did receive a decryption tool, but as previously reported, it worked so slowly that Colonial Pipeline’s specialists had to continue restoring systems from backups, a process they had already begun.