Blount admitted last month that he authorized a ransom payment of $4.4 million, calling it a “highly controversial decision,” in an interview at the time.
“I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,” he told The Wall Street Journal.
The FBI and Department of Homeland Security recommend against paying ransom because of the potential to encourage additional attacks. Payment also does not guarantee that a victim’s files will be recovered.
In the case of Colonial, it appears the company’s notification to the FBI helped investigators track down and seize approximately $2.3 million in Bitcoins that had been paid to the criminal group — a rare outcome for a company that has fallen victim to ransomware.
US authorities previously attributed the pipeline attack to DarkSide, a hacking group linked to Russia that emerged last summer offering ransomware as a service to so-called affiliates.
Blount is scheduled to address lawmakers twice this week, where he will likely be questioned about the payment decision, as well as the cyber security standards the pipeline had in place prior to the attack.
He testifies first before the Senate Homeland Security and Governmental Affairs Committee on Tuesday, and again before the House Homeland Security Committee Wednesday.
Over the weekend, Energy Secretary Jennifer Granholm said she would be open to a law that bans the payment of ransom, but she said it’s unclear if Congress or President Joe Biden agree.
“I think that we need to send this strong message that paying a ransomware only exacerbates and accelerates this problem,” she told NBC’s “Meet the Press.”
The hearing also follows Colonial’s revelation that ransomware attackers gained access to the company’s computer networks in April using a compromised password.
The password had been linked to a disused virtual private networking account used for remote access, and the account was not guarded by an extra layer of security known as multi-factor authentication, the cybersecurity firm hired by Colonial confirmed to CNN.
Bloomberg first reported the password vulnerability following interviews with Blount and Charles Carmakal, senior vice president at Mandiant — the forensic division of the cybersecurity firm FireEye.
It is still unclear how the attackers obtained the compromised credential.
US authorities later said that while the attack compromised Colonial’s IT systems, there was no evidence that its operational systems had been affected.
As part of the Biden administration’s effort to grapple with the threat from ransomware, the Transportation Security Administration issued a security directive last month mandating that critical pipeline operators comply with several cybersecurity measures, including reporting cybersecurity incidents to the department within 12 hours and designating a “24/7, always available” cybersecurity coordinator.
The cyberattack on Colonial exposed how ransomware, which is primarily a criminal, profit-driven enterprise, “can rise to the level of posing a national security risk and disrupt national critical functions,” a DHS official said when the directive was announced.
The top lawmakers on the Senate Homeland Committee, Sens. Gary Peters, a Michigan Democrat, and Rob Portman, an Ohio Republican, introduced legislation in April that would establish a cyber response and recovery fund to help companies recover from significant cyber attacks.
“Our nation is increasingly vulnerable to cyberattacks every day, as the Colonial Pipeline ransomware attack showed. Cyberattacks are getting worse and more frequent while the government and critical infrastructure are more dependent on information technology,” Portman said in a statement last month.