Wired: Colonial Pipeline’s Ransomware Payoff Keeps Infrastructure ‘in the Crosshairs’

  • by:
  • Source: Breitbart
  • 05/14/2021
A recent report from Wired reveals that a week after a ransomware attack shut down Colonial Pipeline halting fuel distribution on the East Coast, the company paid a reported $5 million dollar ransom to regain control of their systems and resume operations. The payoff may lead to future ransomware attacks, as one expert notes: “Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

Wired reports in an article titled “Colonial Pipeline Paid a $5M Ransom—and Kept a Vicious Cycle Turning,” that a week after a ransomware attack that shut down Colonial Pipeline and halted the distribution of fuel on the East Coast, Colonial Pipeline paid hackers in order to regain access to their systems.

The Colonial Pipeline reportedly paid 75 Bitcoins, or around $5 million, to gain access to their systems again. The FBI discourages paying off ransomware hackers, but organizations continue to do so to regain access to hacked systems.

Wired writes:
 
Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night, the decision to give in to hackers’ demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don’t have the backups and other infrastructure necessary to recover otherwise, can’t or don’t want to take the time to recover on their own, or decide that it’s cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims’ financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.

In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company’s business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, firstreported by Zero Day, was that the company’s billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.

 

Wired reports, as Breitbart News noted earlier this week, that ransomware attacks continue to happen because they are very profitable for the hackers. The outlet quotes Brett Callow, a threat analyst at antivirus company Emsisoft, who said: “I can’t say I’m surprised, but it’s certainly disappointing. Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

Morgan Wright, the Chief Security Advisor at SentinelOne and former Senior Advisor of the U.S. State Department and the Anti-Terrorism Assistance Program, appeared on Breitbart News Daily recently to speak with Breitbart News Editor-in-Chief and host of Breitbart News Daily, Alex Marlow. The key topic of the day was the rise in ransomware attacks and the recent cyber attack on the Colonial Pipeline.