Colonial Pipeline CEO Joseph Blount defended his decision Tuesday to pay the hackers that launched a ransomware attack against the crucial fuel line, telling a Senate panel it was "the right choice" and that he put "the interests of the country first."
Why it matters: Federal investigators for years have recommended that companies not pay hacking groups to decrypt their computer systems, over fears that the transactions would encourage more groups to conduct future attacks.
What they're saying: "I made the decision to pay and I made the decision to keep the information about payment as confidential as possible," Blount told the Senate Homeland Security and Government Affairs Committee Tuesday. "It was the hardest decision in my 39 years in the energy industry."
- "And I know how critical the pipeline is to the country, and I put the interest of the country first. I kept the information closely held because we were concerned about safety and security, and we wanted to stay focused on getting the pipeline running. I believe it was the right choice to make," he added.
- "I also now state publicly that we quickly worked with the law enforcement in this matter from the start, which may have helped lead to the recovery of funds announced by the DOJ this week."
Context: Blount told the Wall Street Journal he authorized a ransom payment of $4.4 million to the DarkSide cybercrime group on May 7 in an attempt to restore the services of the largest refined fuels pipeline in the country.
- However, in making the transaction the company had been following instructions from the FBI, which was able to track it, according to CNN.
- After the payment, the hacker group said it was going dark after it lost access to the infrastructure needed to carry out its extortion operations and that a cryptocurrency account it uses to pay its affiliates had been drained.
The big picture: The Department of Justice and FBI said Monday the U.S. had recovered $2.3 million worth of cryptocurrency from payments to individuals tied to DarkSide.
- It marked the first seizure undertaken by a recently created digital extortion taskforce in the Justice Department, according to CNN.
Go deeper: DOJ to treat ransomware attacks with similar priority as terrorism