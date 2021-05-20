Colonial Pipeline paid hackers a $4.4 million ransom to regain control of its computer systems and restart fuel delivery to the East Coast, the company's chief executive said Wednesday.

In an interview with The Wall Street Journal, Colonial CEO Joseph Blount said the decision to pay off a hacking group was "the right thing to do for the country." He acknowledged that the payment was "highly controversial" because federal officials largely discourage companies from incentivizing cyberattacks by compensating bad actors.

Blount said he authorized the payment after the May 7 ransomware attack because the company wasn't sure how long it would take to bring the pipeline's systems back.

[Video not showing up above? Click here to watch » https://www.youtube.com/watch?v=sTz_syK153g]

The pipeline supplies almost half of the East Coast's fuel; almost immediately, the stoppage set off waves of panic-buying. He said it was also not immediately clear how far hackers had reached into Colonial's network and what other systems were at risk.

The Colonial executive's comments clarify conflicting accounts last week about the company's actions. The Washington Post initially reported that Colonial had no plans to pay the ransom, but other news outlets later reported that Colonial did pay. The company and federal officials refused to clarify the matter publicly last week.

Blount decided to pay the ransom almost immediately, he told The Journal.

"I know that's a highly controversial decision," Blount said. "I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."

Blount said Colonial paid the ransom after consultation with experts who previously dealt with the group behind the attacks, DarkSide, which rents out its ransomware to partners to carry out the actual attacks. DarkSide is a Russian-based hacking group responsible for $46 million in ransom payments this year, according to researchers.

In a message sent May 13 to partners in its ransomware business, DarkSide said it was shutting down "due to the pressure from the U.S.," according to a blog post by Intel471, a cybercrime intelligence company.

But some security experts warned that the group may just be trying to ride out the storm. Such hacking groups frequently disperse after high-profile operations, especially after receiving a ransom, experts say, and later reemerge with a new identity.

The pipeline resumed full operations May 13, Colonial officials said. By that point, gasoline prices had skyrocketed in some areas. The nationwide average cost of a gallon of gasoline jumped from $2.96 the day of the cyberattack to $3.04, according to GasBuddy. In the District of Columbia, where more than half of service stations remain without fuel, prices jumped to $3.10 per gallon.

Blount told The Journal that the attack was discovered the morning of May 7. It took Colonial about an hour to shut down the pipeline, which has 260 delivery points across 13 states and Washington, D.C., he said. That helped prevent the infection from potentially migrating to the pipeline's operational controls.

Blount said Colonial's operational systems were not affected but that it halted fuel service as a precaution. It sent staff members traveling the length of the 29,000-mile pipeline to look for physical damage and positioned 300 workers along the route to secure the infrastructure.

Colonial told employees not to log on to the company's corporate network as executives rushed to contact federal officials at the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. The Department of Energy took the lead in coordinating the federal response, Blount said, with agency Secretary Jennifer Granholm and Deputy Secretary David Turk in regular contact with company executives.

Information for this article was contributed by Jacob Bogage of The Washington Post and by staff members of The Associated Press.