The Colonial Pipeline Co. ransomware story has taken a new twist, as the company reportedly paid the ransom following a ransomware attack last Friday.
Despite claiming that it would be more careful in the future and not target companies in ways that cause “problems for society,” the DarkSide ransomware group came out the winner of an apparent $5 million ransom.
Bloomberg reported today that Colonial paid the ransom on Friday, the same day the pipeline firm reportedly first detected the ransomware attack, despite the company’s claims that it would not pay up. The report also said Colonial made the ransom payment using a “difficult-to-trace cryptocurrency” — likely Monero — hours after it detected the attack. According to the report, Colonial knew what would happen if it didn’t pay up.
Presuming the report is right, the Biden administration also knew that Colonial paid the ransom. U.S. President Joe Biden signed a cybersecurity-related executive order Wednesday that aims to strengthen cybersecurity defenses, although it arguably would not have made a difference to Colonial Pipeline had it come a week or even a year earlier.
The Bloomberg report added that DarkSide did provide a decrypting tool after the ransom was paid but the tool was so slow that the company continued using its own backups to help restore its systems.
“Paying the ransom is sometimes an option but it is high risk,” Charles Brook, threat intelligence specialist at enterprise email security software provider Tessian Ltd., told SiliconANGLE. “You should always work with a security consultant to advise on the whole process and handle the negotiations — ideally have one on retainer — and you should inform law enforcement.”
For most ransomware, he added, it’s in the attackers’ interest to provide decryption keys upon receiving payment. “This means they maintain a good reputation, which can promote further payouts by other victims and lead to increased financial gain for the attacker,” he said.
Brook also said there’s a risk that if data was stolen, ransomware gangs may ask for more money. “Sometimes, you may never receive a decryption key and attackers will just continue to ratchet up the price to see how much they can get from you,” he said.