Saturday September 25th, 2021 8:47PM

Pipeline CEO: Ransom payment among my 'toughest decisions'

By The Associated Press

WASHINGTON (AP) — The chief executive of the massive fuel pipeline hit by ransomware last month told senators on Tuesday that authorizing a multi-million-dollar payment to hackers was the right thing to do to bring an end to fuel shortages affecting much of the eastern United States, even as authorities have discouraged such payments.

Asked how much worse it would have been if Colonial Pipeline hadn't paid to get its data back, CEO Joseph Blount said, “That's an unknown we probably don't want to know. And it’s an unknown we probably don’t want to play out in a public forum.”

He said that given the company's crucial role in fuel transport, and the potential for “pandemonium” arising from a prolonged shutdown of the pipeline, he made the decision to pay a ransom to the hackers. The decryption tool the hackers provided the company in exchange for the payment helped “to some degree” but has not been perfect, with Colonial still in the process of fully restoring its system, Blount said.

Blount faced the Senate Homeland Security Committee, one day after the Justice Department revealed it had recovered the majority of the $4.4 million ransom payment the company made in hopes of getting its system back online.

Blount's testimony marks his first appearance before Congress since the May 7 ransomware attack that led Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, to temporarily halt operations. The attack has been attributed to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating.

The company began negotiating with the hackers on the evening of the attack and, the following day, paid a ransom of 75 bitcoin — then valued at roughly $4.4 million. Though the FBI has historically discouraged ransomware payments for fear of encouraging cyberattacks, Colonial officials have said they saw the transaction as necessary to resume the vital fuel transport business as rapidly as possible.

“It was one of the toughest decisions I have had to make in my life,” Blount said in prepared remarks. “At the time, I kept this information close hold because we were concerned about operational security and minimizing publicity for the threat actor. But I believe that restoring critical infrastructure as quickly as possible, in this situation, was the right thing to do for the country.”

The attack, which Blount says began after hackers exploited a virtual private network that was not intended to be in use and has since been shut down, had significant collateral consequences, including gas shortages as concerned motorists rushed to fill their tanks.

The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department. It reflects a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

“By going after the entire ecosystem that fuels ransomware and digital extortion attacks — including criminal proceeds in the form of digital currency — we will continue to use all of our resources to increase the cost and consequences of ransomware and other cyber-based attacks,” Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

In a statement Monday, Blount said he was grateful for the FBI's efforts and said holding hackers accountable and disrupting their activities “is the best way to deter and defend against future attacks of this nature.”

“The private sector also has an equally important role to play and we must continue to take cyber threats seriously and invest accordingly to harden our defenses,” he added.

Cryptocurrency is favored by cybercriminals because it enables direct online payments regardless of geographical location, but in this case, the FBI was able to identify a virtual currency wallet used by the hackers and recovered the proceeds from there, Abbate said. The Justice Department did not provide details about how the FBI had obtained a “key” for the specific bitcoin address, but said law enforcement had been able to track multiple transfers of the cryptocurrency.

“For financially motivated cyber criminals, especially those presumably located overseas, cutting off access to revenue is one of the most impactful consequences we can impose,” Abbate said.

The Bitcoin amount seized — 63.7, currently valued at $2.3 million after the price of Bitcoin tumbled — amounted to 85% of the total ransom paid, which is the exact amount that the cryptocurrency-tracking firm Elliptic says it believes was the take of the affiliate who carried out the attack. The ransomware software provider, DarkSide, would have gotten the other 15%.

“The extortionists will never see this money,” said Stephanie Hinds, the acting U.S. attorney for the Northern District of California, where a judge earlier Monday authorized the seizure warrant.

Ransomware attacks — in which hackers encrypt a victim organization's data and demand a hefty sum for returning the information — have flourished across the globe. Last year was the costliest on record for such attacks. Hackers have targeted vital industries, as well as hospitals and police departments.

Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the world's largest meat processing company.

The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data — and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.

_____

Associated Press writer Frank Bajak in Boston contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

© Copyright 2021 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.