It may not be the strongest of defenses, but it was the best that the CEO of Colonial Pipeline had to offer on Tuesday. Addressing a Senate panel over the hacking that shut down the flow of gasoline to parts of the US last month, Joseph Blount acknowledged that hackers got hold of a single password to gain control of the company's systems. “It was a complicated password," Blount told senators, per the Washington Post. "I want to be clear on that. ... It was not a ‘colonial123’ type password." It didn't help, however, that the company didn't use multi-factor authentication, a basic safety protocol. Blount pledged to senators that Colonial now follows cybersecurity procedures "almost to a T."
Blount also defended his decision to pay the hackers more than $4 million in cryptocurrency to help get the company's systems running again, reports CNN. It was a desperate decision at a desperate time, he said. "When you have a critical asset like this, you've got to focus on what is the best opportunity of options you have in front of you to take avail of, and in that case, it was to get the encryption tool, and to get our information back." He also acknowledged that while the company paid $40 million a year for cybersecurity protection, it didn't have a plan in place to respond to a ransomware attack. (The FBI has retrieved most of the ransom that was paid in Bitcoin.)