Colonial Pipeline had no specific plan for what to do in the event of a ransomware attack, its CEO says.
Testifying before the Senate Homeland Security and Governmental Affairs Committee, CEO Joseph Blount admitted that while his company had some basic cybersecurity plans in place, it had had"no discussion about ransom" before the attack.
A Russian criminal hacker group called DarkSide infected Colonial in May. Blount shut down all operations for five days while it tried to safely get back online, and the fallout resulted in gasRansomware attacks, where hackers breach an organization's computer networks and encrypt its files or threaten to leak them to the public, have steadily grown in number for several years. Often based in Russia or other countries that don't have an extradition treaty with the U.S.
In the hearing, Blount also confirmed previous reporting that the hackers broke into Colonial by hacking into an older account that did not use two-factor authentication, meaning that it was protected by only a password. A basic and often essential cybersecurity step, two-factor authentication requires someone trying to log in to prove they have a second way of verifying their identity besides just that password, such as access to a smartphone associated with that account.
The CEO also defended his decision to pay the hackers $4.4 million in bitcoin for a decryptor program, even though Colonial eventually restored its systems by using its own backups.
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
One password allowed hackers to disrupt Colonial Pipeline, CEO tells senatorsThe head of Colonial Pipeline told U.S. senators on Tuesday that hackers who launched last month's cyber attack against the company and disrupted fuel supplies to the U.S. Southeast were able to get into the system by stealing a single password.
Read more »
Colonial Pipeline CEO says no one 'wants to know' results if ransom wasn't paid to hackers'That's an unknown we probably don't want to know. And it's an unknown we probably don't want to play out in a public forum,' Colonial Pipeline CEO Joseph Blount said about the attack.
Read more »
Pipeline CEO says compromised password 'wasn't just Colonial123'Colonial Pipeline's CEO told the Senate that the company's password that was hacked in a ransomware attack last month 'wasn't just Colonial123'
Read more »
Richard Robinson, longtime Scholastic CEO, dies at 84Richard Robinson, who as the longtime head of Scholastic Inc. shaped the reading habits of millions of young readers through such bestsellers as J.K....
Read more »
Richard Robinson, Longtime CEO Of Scholastic, Dies at 84Richard Robinson, longtime CEO of children’s publishing giant Scholastic, has died at 84. The publishing house announced that Robinson died Saturday, but did not release further details. The publis…
Read more »