House Speaker Nancy Pelosi, D-Calif., said Thursday that companies impacted by ransomware attacks should not pay money to hackers, following reports Colonial Pipeline made a payment to regain access to some of its systems.
Colonial Pipeline resumed operations Wednesday evening after shutting down for several days to address the system breach. When asked about the incident, Pelosi asserted that ransom payments would set a dangerous precedent amid a rise in cybersecurity incidents.
"The point is that we don’t want people to think that there’s money in it for them to threaten the security of critical infrastructure in our country," Pelosi said.
Colonial Pipeline officials have yet to publicly address whether the company made ransom payments to the hackers. Bloomberg reported that Colonial paid nearly $5 million in cryptocurrency shortly after the hack occurred.
The company noted that it would take several days to return to normal operations following the restart. The incident triggered instances of panic-buying throughout the southeast. The pipeline supplies nearly half of the eastern seaboard’s fuel supply.
The FBI attributed the ransomware attack to a hacking group called DarkSide.
Pelosi suggested that lawmakers should seek to address hacks such as the Colonial Pipeline with legislation, given the potential impact to national security and the economy.
"This cannot be open season for hackers who can make money off a threat, even if they don’t go as far as crippling the entity, as with Colonial, they did not," Pelosi said. "It has to be subject to review. I don’t know what the conversations were with the management of Colonial, but I do think there is a governance role with how we protect our people and our economy from these hackers."