Colonial Pipeline CEO admits to authorizing $4.4 million ransomware payment

Washington (CNN) Colonial Pipeline CEO Joseph Blount said he authorized a ransom payment of $4.4 million in response to a cyberattack on the company's network earlier this month, according to The Wall Street Journal, which published an interview with the CEO Wednesday.


By Geneva Sands, CNN


This is the first public announcement by the company that a ransom had been paid and comes after repeated refusals from the company to discuss the payment, which Blount called "a highly controversial decision."


"It was the right thing to do for the country," he told The Wall Street Journal. "I didn't make it lightly. I will admit that I wasn't comfortable seeing money go out the door to people like this."


CNN reported last week that Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter said. The ransomware attack spurred the company to shut down pipeline operations, causing massive gasoline disruptions in the southeast US.


Colonial employees did not have any direct contact with the threat actor, according to a Colonial spokesperson. It's unclear who negotiated the payment.


Colonial Pipeline briefed congressional staff on Monday, offering new insight into the timeline of the ransomware attack, but also frustrating lawmakers and staff over the company's refusal to discuss the ransom and related details.


Democratic Reps. Carolyn Maloney of New York, the chairwoman of the House Oversight and Reform Committee, and Bennie Thompson of Mississippi, the chairman of the Homeland Security Committee, said they were "disappointed that the company refused to share any specific information regarding the reported payment of ransom during today's briefing."


"In order for Congress to legislate effectively on ransomware, we need this information," they added in a statement.


A representative for Colonial told congressional staff that special attention to the ransom would encourage future attacks and therefore did not want to discuss the topic, according to a Hill aide.


The Colonial briefing, which was led by company CIO Marie Mouchet, came a little more than a week after the company first learned of the ransomware attack on May 7, the aide said.


Colonial found out about the cyberattack around 5:30 a.m., prompting a call to FireEye Mandiant, the company hired for the incident response to the hack, according to the aide, followed by a call to the FBI.