WASHINGTON—The chief executive of the pipeline company hit in a multimillion-dollar ransomware attack last month is expected to testify Tuesday on Capitol Hill about the company’s cybersecurity practices and its decision to pay the hackers.
Joseph Blount of Colonial Pipeline Co. is scheduled to appear before the Senate Homeland Security Committee, roughly one month after his company suffered a ransomware attack on its business computer systems. The attack prompted Colonial Pipeline to shut down the 5,500-mile pipeline pumping gasoline, diesel, jet fuel and other refined products from the Gulf Coast to Linden, N.J.
On Monday, the Justice Department said authorities had recovered roughly $2.3 million in digital currency paid to the hackers, a suspected Russian gang known as DarkSide.
The Colonial stoppage spurred a run on gasoline along parts of the East Coast that pushed prices to the highest levels in more than six years, leaving thousands of gas stations without fuel. The attack has prompted senior Biden administration officials to warn that ransomware represents an elevated national security risk.
Mr. Blount told The Wall Street Journal last month that his company paid a $4.4 million ransom to the hackers because executives were unsure how badly the cyberattack had breached its systems.
The FBI officially discourages victims from paying ransoms because doing so can fuel a booming criminal marketplace and often won’t lead to a restoration of systems. Mr. Blount said in the interview that doing so was “the right thing to do for the country.”
Digital extortion schemes have become so lucrative that they now routinely tally into the tens of millions of dollars, according to U.S. officials and security companies that track ransomware.
Senior U.S. officials have acknowledged that companies often have little choice but to pay steep ransoms, especially if their systems aren’t securely backed up. But some lawmakers have said in recent weeks they may be open to considering legislation that could make payments in some cases illegal, or requiring companies to disclose when they make a ransom payment to hackers.
Energy Secretary Jennifer Granholm said Sunday on NBC’s “Meet the Press” that she would support a ban on ransomware payments.
SHARE YOUR THOUGHTS
Do you think it’s a good idea for companies to pay a ransom? Join the conversation below.
“I don’t know whether Congress or the president is at that point,” said Ms. Granholm, the most senior administration official to endorse such a proposal. “We need to send this strong message that paying a ransomware only exacerbates and accelerates this problem. You are encouraging the bad actors when this happens.”
Tuesday’s hearing has taken on geopolitical import. President Biden is due to meet with Russian President Vladimir Putin next week and has said he intends to discuss ransomware attacks from Eastern European gangs as a top area of concern.
Write to Dustin Volz at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
