Colonial Pipeline paid hackers a $4.4 million ransom to regain control of its computer systems and restart fuel delivery to the East Coast, the company’s chief executive said Wednesday.

In an interview with the Wall Street Journal, Colonial CEO Joseph Blount said the decision to pay off a hacking group was “the right thing to do for the country.” He acknowledged the payment was “highly controversial,” since federal officials largely encourage companies not to incentivize further cyberattacks by compensating bad actors.

But Blount said the payment was necessary given the essential nature of the company’s infrastructure. The pipeline supplies almost half of the East Coast’s fuel and almost immediately, the stoppage set off waves of panic buying. He said it was also not immediately clear how far hackers had reached into Colonial’s network and what other systems were at risk.

The Colonial chief executive’s comments clarify conflicting accounts last week of the company’s actions. The Washington Post initially reported that Colonial had no plans to pay the ransom, but other news outlets later reported that Colonial did pay. The Post later confirmed that report, citing one U.S. official. The company and federal officials refused to clarify the matter publicly last week.

Blount decided to pay the ransom almost immediately, he told the Journal.

“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”

Federal officials have linked the attack to the outfit DarkSide, a Russian-based black hat group responsible for $46 million in ransom payments in 2021 alone, according to researchers.

DarkSide last week said it was shutting down “due to the pressure from the U.S.” in a message sent Thursday to partners in its ransomware business, according to a blog post by Intel 471, a cybercrime intelligence firm.

But some security experts warned that the group may be trying to ride out the storm. Such hacking groups frequently disperse after high-profile operations, especially after receiving a ransom, experts say, and later reemerge with a new identity.

The pipeline resumed full operations on May 13, Colonial officials said. By that point, gas prices had already skyrocketed in some areas. The nationwide average cost of a gallon of gasoline jumped from $2.96 the day of the cyberattack to $3.04, according to GasBuddy. In Washington, D.C., where more than half of service stations remain without fuel, prices jumped to $3.10 per gallon.

Blount said Colonial’s operational systems were not affected, but it halted fuel service out of an abundance of caution. It sent staff to travel the length of the 5,500-mile pipeline to inspect for physical damage and positioned 300 workers along the route to secure the infrastructure.

Colonial told employees not to log on to the company’s corporate network as executives rushed to contact federal officials at the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The Energy Department took the lead in coordinating the federal response, Blount said, with Secretary Jennifer Granholm and Deputy Secretary David Turk in regular contact with company executives.


A previous version of this story misstated the length of the Colonial Pipeline. It is 5,500 miles.