Colonial Pipeline chief executive Joseph Blount has confirmed the company shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the U.S.
In an interview with the Wall Street Journal, Blount said the ransomware extortion payment was necessary to help the company recover quickly from a malware attack that had downstream, real-world consequences.
The Colonial Pipeline CEO described the ransomware payment as “the right thing to do for the country.”
“I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,” Blount said, noting that the multi-million payment to the ransomware-as-a-service group was a “highly controversial decision.”
The Wall Street Journal report said Colonial Pipeline made the $4.4 million payment on the evening of May 7 in the form of bitcoin. The company did receive a decryption tool to retrieve the locked data but white the tool was somewhat useful, it was ultimately not enough to immediately restore the pipeline’s systems, the newspaper said.
The ransomware attack has already led to ‘state of emergency’ declarations, temporary lines at gas pumps and rising gas prices.
The U.S. Federal Bureau of Investigation (FBI) and law enforcement agencies typically advise against ransom payments to cybercriminals, especially since some payments may be subject to international sanctions violations.
Additionally, there are no guarantees the data decryption key will work to retrieve encrypted data and no way to be sure the data wasn’t stolen and resold on darkweb marketplaces.
However, even U.S. government organizations have been known to pay significant amounts of money to cybercriminals following ransomware attacks.