One day after Colonial Pipeline confirmed an all-new system outage that the US fuel company stressed was not a product of some new hacking attack on the company, Colonial CEO Joseph Blount dropped a bombshell in an interview with The Wall Street Journal.
Back on May 7, an employee of the fuel company discovered a ransom note from the DarkSide gang of extortionists early in the day, setting this whole chain of events in motion. And by the evening, Blount now confirms, he had already made the decision that the company would pay up, agreeing to fork over the ransom payment of $4.4 million — since at that point, Colonial couldn’t be certain how deep the hackers had burrowed into their system. Blount acknowledged in this interview, his first since the catastrophe unfolded earlier this month, that the payment was a controversial move — indeed, law enforcement officials frown on this, and plenty of cybersecurity journalists have gone on to lament that Colonial’s actions will embolden other ransomware perpetrators — but Blount is adamant: “I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”
To be sure, reasonable people can disagree about the veracity of that statement. Was it the right thing to do? Well, it turns out that the DarkSide hackers gave Colonial a decryption tool that didn’t work so well, in exchange for the payment — and, in fact, that shoddy tool left the pipeline operator forced to set about recovering its network almost the same as if it hadn’t paid up at all.
Moreover, crowdsourced data from GasBuddy reveals that at least a dozen states suffered fuel outages of some kind, even after Colonial said it had resumed normal operations over the weekend. As if that wasn’t enough, the whole affair also nearly took the US to the brink of a major national energy crisis, based on a confidential analysis from the US Energy Department as well as the national Homeland Security Department. According to New York Times reporting, both of those agencies surmised that a cascade of bad outcomes was about to unfold, if the Colonial Pipeline outage had gone on a little longer. Just a few more days of the pipeline’s operational network being offline, for example, and the lack of diesel would have forced buses and various mass transit options to shut down, for one thing. And the domino effect would have also included factories and refiners likewise being put on ice — because a continued shutdown of Colonial’s network would have left them with nowhere to distribute their product.
This all comes in the wake of the DarkSide ransomware gang apparently feeling some repercussions of their own from the Colonial Pipeline attack. Someone from a rival ransomware gang reportedly left a message on a dark web forum in recent days that said the DarkSide founders had lost access to the site which they used to host and publish stolen data from their victims. Other infrastructure, such as their payment server, was also supposedly taken away from the DarkSide ring. There’s some question over the legitimacy of these claims, however.
In related news, Colonial Pipeline confirmed that it had suffered another network outage on Tuesday in the midst of trying to recover from the ransomware attack. However, the company stressed that there wasn’t anything nefarious behind this new problem — even though in a roundabout way it is, indeed, a kind of byproduct of the previous attack. “Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” Colonial Pipeline said in a statement. “These issues were not related to the ransomware or any type of reinfection.”