Colonial Pipeline CEO told the Senate that the company paid a ransom of $5 million the day after the hack.

Colonial Pipeline President and Chief Executive Officer Joseph Blount is sworn in at the US Capitol in Washington on June 8, 2021, to attend a hearing investigating the Colonial Pipeline cyberattack and the threat to critical infrastructure.

Andrew Caballero Reynolds | Reuters

Washington — Colonial Pipeline’s CEO told the Senate on Tuesday that the company paid a ransom of $5 million one day after Russia-based cybercriminals hacked its IT network and disrupted the delivery of fuel up and down the East Coast.

Joseph Blount Jr. told members of the Senate Committee on Homeland Security and Governmental Affairs that the company learned of the attack shortly before 5 a.m. on May 7, when an employee discovered a ransom note on a system in the IT network.

According to the note, the hackers had “stolen” material from the company’s shared internal drive and demanded about $5 million in exchange for the files.

The company was attacked by a ransomware program created by DarkSide, a cybercriminal group believed to be active in Russia.

Blount said that immediately after discovering the ransom note, the employee notified a supervisor, and the decision was made to shut down the entire pipeline at once.

“At around 5:55 a.m., employees started the shutdown process,” Blount wrote. “By 6:10 a.m., we confirmed that all 5,500 miles of pipelines had been closed.”

The decision to shut down the entire pipeline was based on the requirement that “attacks must be quarantined and contained to prevent malware from spreading to the operational technology networks that control the operation of the pipeline.”

The closure caused major disruptions to the gasoline supply up and down the East Coast as trucks struggled to refill gas stations, creating long lines at the pumps, especially in the Southeast. Airline operations were also suspended.

Blount’s testimony revealed new details about the first few days of the attack, including how quickly the company decided to shut down.

The company believes the attackers “exploited a legacy virtual private network profile that was not intended to be in use,” Blount told senators.

However, he admitted that the account was not protected by multi-factor authentication, which is now the standard for most businesses. According to Blount, though, the password was complex. “It wasn’t a ‘colonial 123’-type password.”

Blount also testified about the $5 million ransom the company paid to DarkSide hackers. He revealed that Colonial Pipeline paid the ransom one day after the attack.

“I decided that Colonial Pipeline would pay the ransom to provide all the tools to get the pipeline up and running quickly,” Blount said in his opening statement. “This was one of the most difficult decisions I had to make in my life.”

“At the time, I kept this information secret because I was concerned about operational security and minimizing the promotion of threat actors,” he said.

In response to a question about whether the company paid a ransom to an entity under U.S. sanctions, Blount said the company reviewed the sanctions list maintained by the Office of Foreign Assets Control before making the payment.

The day before Blount testified, U.S. law enforcement officials said they had recovered $2.3 million in Bitcoin from the hacker group.

Blount told senators that the company contacted the FBI within hours of discovering the attack.

This story will be updated through the Senate hearing.
