WASHINGTON — Colonial Pipeline's CEO told a Senate committee on Tuesday the company paid the $5 million ransom one day after Russian-based cybercriminals hacked its IT network, crippling fuel deliveries up and down the East Coast.
Joseph Blount Jr. told members of the Senate Homeland Security and Governmental Affairs Committee in prepared remarks that the company learned of the attack shortly before 5 a.m. on May 7, when an employee discovered a ransom note on a system in the IT network.
The note said hackers had "exfiltrated" material from the company's shared internal drive, and it demanded approximately $5 million in exchange for the files.
The company was attacked by a ransomware program created by DarkSide, a cyber criminal group believed to operate out of Russia.
Blount said that shortly after discovering the ransom note, the employee notified a supervisor and the decision was made to immediately shut down the entire pipeline.