Colonial Pipeline paid a $5 million ransom and kept the vicious cycle turning
A week after a ransomware attack led Colonial Pipeline to stop fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75-bitcoin ransom — worth $5 million, depending on the time of payment — in an attempt to restore service faster. And while the company was able to restart operations Wednesday night, the decision to give in to the hackers' demands will only encourage other groups. To make real progress against the ransomware epidemic, experts say more companies will have to say no.
That does not mean doing so is easy. The FBI and other law enforcement groups have long recommended that ransomware victims not pay digital extortion fees, but in practice many organizations tend to pay them. Either they don't have the backups and other infrastructure needed to recover, they can't or don't want to take the time to recover on their own, or they've decided that it's cheaper to pay the ransom quietly and move on. Ransomware groups increasingly vet victims' finances before the traps are set, allowing them to set the highest price that victims can still afford.
In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company's business network rather than the operational technology (OT) network that controls the pipeline. But Colonial also took down its OT network in an attempt to contain the damage, increasing the pressure to restore fuel flow on the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company's billing system was infected with ransomware, so it had no way to track fuel distribution and bill customers.
Proponents of zero tolerance for ransom payments hoped Colonial Pipeline's proactive shutdown would be a sign that the company would refuse to pay. Reports on Wednesday stated that the company wanted to hold out, but numerous subsequent reports on Thursday, led by Bloomberg, confirmed that the 75-bitcoin ransom had been paid. Colonial Pipeline has not returned a request for comment from WIRED about the payment. It is still unclear whether the company paid the ransom right after the attack or a few days later, as fuel prices rose and lines at gas stations grew.
“I can’t say I’m surprised, but it’s disappointing,” says Brett Callow, a threat analyst at the antivirus company Emsisoft. “Unfortunately, it will help the U.S. critical infrastructure provider cross over. If it proves a sector is profitable, they will continue to play it safe.”
In a statement on Thursday, White House press secretary Jen Psaki stressed that, in general, the U.S. government encourages victims not to pay. Others in the administration struck a more measured note. “Colonial is a private company and we will postpone information about the decision to pay them a ransom,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said at a news conference Monday. She added that ransomware victims “are in a very difficult situation and often have to balance the cost benefit when they have no choice but to pay the ransom.”
Researchers and policymakers have sought to provide comprehensive guidance on ransom payments. If all the victims in the world suddenly stopped paying ransoms and held firm, the attacks would stop quickly because there would be no incentive for criminals to continue. But coordinating a forced boycott seems impractical, researchers say, and would likely lead to more payments being made in secret. When the ransomware gang Evil Corp attacked Garmin last summer, the company paid the ransom through an intermediary. It's not uncommon for large companies to use a broker to pay, but Garmin's situation was particularly noteworthy because Evil Corp was sanctioned by the U.S. government.