
Colonial Pipeline paid a $5 million ransom and kept the vicious cycle turning


A week after a ransomware attack led Colonial Pipeline to stop fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75-bitcoin ransom, valued at $5 million at the time of payment, in an attempt to get service back faster. And while the company was able to restart operations Wednesday night, the decision to give in to the hackers' demands will embolden other groups. Experts say real progress against the ransomware epidemic will require more companies to say no.

That does not mean doing so is easy. The FBI and other law enforcement groups have long recommended that ransomware victims not pay digital extortion fees, but in practice many organizations tend to pay them. Either they don't have the backups and other infrastructure needed to recover, they can't or don't want to take the time to recover on their own, or they've decided that it's cheaper to pay the ransom quietly and move on. Ransomware groups increasingly vet victims' finances before the traps are set, allowing them to set the highest price that victims can still afford.

In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company's business network rather than the more sensitive operational technology (OT) networks that control the pipeline. But Colonial also took down its OT network in an attempt to contain the damage, increasing the pressure to restore fuel flow on the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company's billing system was infected with ransomware, so there was no way to track fuel distribution and bill customers.

Proponents of zero tolerance for ransom payments hoped the proactive shutdown of Colonial Pipeline would be a sign that the company would refuse to pay. Reports on Wednesday stated that the company wanted to hold out, but numerous subsequent reports on Thursday, led by Bloomberg, confirmed that the 75-bitcoin ransom had been paid. Colonial Pipeline has not returned a request for comment from WIRED regarding the payment. It is still unclear whether the company paid the ransom soon after the attack or a few days later, as fuel prices rose and gas station lines grew.

“I can’t say I’m surprised, but it’s disappointing,” says Brett Callow, a threat analyst at the antivirus company Emsisoft. “Unfortunately, it will help cross-border critical infrastructure providers in the United States. If a sector proves profitable, they will continue to do so.”

Speaking on Thursday, White House press secretary Jen Psaki stressed in general that the U.S. government encourages victims not to pay. Others in the administration struck a more measured note. “Colonial is a private company and we will delay information about the decision to pay them a ransom,” Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said at a news conference Monday. She added that victims of ransomware are “in a very difficult situation and often have to balance the cost-benefit when they are unable to pay the ransom.”

Researchers and policymakers have sought to provide comprehensive guidance on ransom payments. If all the victims in the world suddenly stopped paying ransoms and held firm, the attacks would stop quickly because there would be no incentive for criminals to continue. But coordinating a mandatory boycott seems impractical, researchers say, and would likely lead to more payments being made in secret. When the ransomware gang Evil Corp attacked Garmin last summer, the company paid the ransom through an intermediary. It's not uncommon for large companies to use a broker to pay, but Garmin's situation was particularly noteworthy because Evil Corp was sanctioned by the U.S. government.
