Pipeline Exec to Face Congress as U.S. Recovers Most of Ransom

A person fills a fuel container at a Shell gas station, after a cyberattack crippled the biggest fuel pipeline in the country, run by Colonial Pipeline, in Washington. (Reuters/Andrew Kelly/File Photo)

WASHINGTON (AP) - The chief executive of the massive fuel pipeline hit by ransomware last month is expected to detail his company’s response to the cyberattack and to explain his decision to authorize a multimillion-dollar payment when he testifies before Congress this week.

Colonial Pipeline CEO Joseph Blount will face the Senate Homeland Security Committee on Tuesday, one day after the Justice Department revealed it had recovered the majority of the $4.4 million ransom payment the company made in hopes of getting its system back online. A second hearing is set for Wednesday before the House Homeland Security Committee.

Blount’s testimony marks his first appearance before Congress since the May 7 ransomware attack that led Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, to temporarily halt operations. The attack has been attributed to a Russia-based gang of cybercriminals using the DarkSide ransomware variant, one of more than 100 variants the FBI is currently investigating.

The company decided soon after the attack to pay ransom of 75 bitcoin, then valued at roughly $4.4 million. Though the FBI has historically discouraged ransomware payments for fear of encouraging cyberattacks, Colonial officials have said they saw the transaction as necessary to resume the vital fuel transport business as rapidly as possible.

The operation to seize cryptocurrency paid to the Russia-based hacker group is the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration Justice Department. It reflects a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.

Weeks after the Colonial Pipeline attack, a ransomware attack attributed to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, disrupted production at Brazil’s JBS SA, the world’s largest meat processing company.

The ransomware business has evolved into a highly compartmentalized racket, with labor divided among the provider of the software that locks data, ransom negotiators, hackers who break into targeted networks, hackers skilled at moving undetected through those systems and exfiltrating sensitive data — and even call centers in India employed to threaten people whose data was stolen to pressure for extortion payments.