Colonial Pipeline CEO testifies after ransomware attack

By Meg Wagner, Melissa Macaya, Melissa Mahtani, Mike Hayes and Veronica Rocha, CNN

Updated 4:25 p.m. ET, June 8, 2021
9:33 a.m. ET, June 8, 2021

Here's the latest on the Colonial Pipeline hack

From CNN's Evan Perez, Zachary Cohen and Alex Marquardt

An aerial view of fuel holding tanks at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland, on May 13. Drew Angerer/Getty Images

The Justice Department announced Monday that investigators recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month.

The announcement confirms CNN's earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question.

Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.

The ransom recovery, which is the first seizure undertaken by the recently created DOJ digital extortion taskforce, is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn't know the extent of the intrusion by hackers and how long it would take to restore operations.

But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia.

"Following the money remains one of the most basic, yet powerful, tools we have," Deputy Attorney General Lisa Monaco said Monday during the DOJ announcement, which followed CNN's reporting about the recovery operation. "Ransom payments are the fuel that propels the digital extortion engine, and today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises."

9:00 a.m. ET, June 8, 2021

Colonial Pipeline CEO will testify this morning about last month's cyberattack

The CEO of Colonial Pipeline is set to testify to lawmakers today after a cyberattack caused a six-day shutdown of the pipeline that delivers nearly half of all the diesel and gasoline consumed on the East Coast of the United States.

Joseph Blount, who has run the Colonial Pipeline company for nearly four years, will appear today before the Senate Homeland Security Committee. He is expected to testify Wednesday before the House Committee on Homeland Security in a hearing called "Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure."

The Colonial Pipeline attack — which the FBI attributed to a criminal gang called DarkSide — was done using a relatively unsophisticated form of ransomware, but it caused gas shortages, price spikes and a rush of consumers heading to the pumps out of fear that the outages would last.

Reporting from CNN's Clare Duffy