President Joe Biden refused to say whether he was aware Colonial Pipeline paid more than $4 million to hackers after a major cyberattack that crippled the company’s operations, on the heels of several reports alleging the payment.
When asked by reporters if he was briefed about the company paying the ransom, Biden replied, “I have no comment on that” during an event at the White House to discuss the pipeline disruption and gas shortage.
White House press secretary Jen Psaki also refused to comment when asked if the administration knew about the company paying the ransom.
“I’m just not going to have any more on that,” she replied during the White House daily press briefing.
She said the federal government recommended private companies not to pay ransoms to hackers, but punted questions about the reported payment to Colonial Pipeline.
“It continues to be the position of the federal government, the FBI, that it is not in the interests of the private sector for companies to pay the ransom because it incentivizes these actions,” Psaki said.
Citing two anonymous sources said to be familiar with the transaction, Bloomberg first reported on Thursday that Colonial coughed up just shy of $5 million worth of cryptocurrency to hackers sometime after it was hit by a major cyberattack earlier this month, causing a full-scale shutdown of the country’s largest pipeline network.
Colonial, too, has so far refrained from weighing in, declining multiple requests for comment from the media after denying any payment was made earlier this week.
Sources cited by the New York Times, CNBC, and Fox News alleged to corroborate the Bloomberg story, each putting the purported ransom between $4 and $5 million, with the Times specifying Bitcoin as the crypto used. It is unclear when the ransom would have been paid.
The pipeline firm announced that it had resumed operations on Wednesday evening after discussions with the Biden administration. It warned that supply-chain issues would still take several days to resolve. The halt triggered a spate of panic buying across the United States, as well as soaring fuel prices and emergency declarations in Florida, Georgia, Virginia, and North Carolina — the states most reliant on Colonial’s network.
The attack against the Colonial Pipeline led to the shutdown of 5,500 miles of pipeline carrying roughly 45 percent of fuel supplies for the entire East Coast.
“This threat is not imminent,” said Secretary of Homeland Security Alejandro Mayorkas on Tuesday. “It is upon us.”
Colonial has acknowledged that its computer networks were hit by a ransomware attack — in essence, an attack in which a hacker or criminal group breaks in and encrypts the contents of a victim’s computers until a ransom is paid.
Chris Krebs, formerly the top cybersecurity official at the Department of Homeland Security, described cyberattacks as a looming “digital pandemic, driven by greed, a vulnerable digital ecosystem and an ever-widening criminal enterprise” during testimony before Congress on May 5.
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory in the aftermath of a devastating ransomware attack on Colonial Pipeline.
“Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data,” the alert says. “Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy.”
“CISA and the FBI do not encourage paying a ransom to criminal actors,” the agencies added. “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”
The Biden administration has taken some action following the attack. On Wednesday, Biden signed an executive order to take a range of actions that are believed would make it more difficult for hackers to successfully compromise federal agencies.
“Private entities are in charge of their own cybersecurity,” Biden said Thursday. “We know what they need, they need greater private sector investment in cybersecurity.”
This kind of handling of the attack on a company that provides vital services to the public seems to be sending a dangerous message to the malicious actors around the world. It is unknown what conversations took place between administration officials and Colonial Pipeline, but the White House’s public effort to distance itself from the cyberattack is an indication that Biden’s administration might very well have left the pipeline to fend for itself. Seeing how easily American energy infrastructure folded and how little the federal government seemed to care may encourage more criminal attacks.
Much more aggressive stance against cyberattacks on critical infrastructure is needed, many believe. Former House Speaker Newt Gingrich called for legislation to elevate cyberattacks to the same level as terror attacks.
“We ought to pass a law immediately that makes this kind of hacking subject to a death penalty, and the law should include a provision that the president, through a judicial process, should be able to order the killing of anybody overseas who’s doing this,” Gingrich said. “A great country cannot allow people to come in and savage it, have no consequences, and then wait for the next attack, and yet that literally is where we are right now.”