Colonial Pipeline paid ransomware hackers $5 million, U.S. official says

  

Category:  News & Politics

Via:  perrie-halpern  •  one month ago  •  33 comments

By:   Julia Ainsley and Kevin Collier

Colonial Pipeline paid ransomware hackers $5 million, U.S. official says
Colonial Pipeline paid the hackers who shut down some of its networks nearly $5 million in ransom, a U.S. official familiar with the matter said Thursday.

S E E D E D   C O N T E N T



Colonial Pipeline paid the hackers who shut down some of its networks nearly $5 million in ransom, a U.S. official familiar with the matter said Thursday.

News of the payment was first reported by Bloomberg. The U.S. official did not say how or when the company paid.

Colonial, which operates the country's largest fuel pipeline, announced it had been hacked Friday, and shut down all four of its major pipelines that serve the Eastern and Southeastern United States as a precaution. Gas prices rose, and some stations ran out of fuel. The Department of Transportation issued an emergency order allowing truckers driving fuel in affected states to work longer hours than federal regulations normally allow.

A third-party consulting company that now handles Colonial's press inquiries declined to comment on the payment.

The company announced Wednesday that it was resuming operations.

The FBI has historically discouraged, but not prohibited, American ransomware victims from paying hackers, as a payment isn't guaranteed to work and can encourage criminals to continue attacking others. In a press conference Monday, Anne Neuberger, the White House's deputy national security adviser for cyber and emerging technologies, acknowledged that some organizations might find paying the criminals off can be in their best interest.

"We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data," she said.

Speaking to MSNBC's Andrea Mitchell on Thursday, Neuberger said the White House's advice remains that victims do not pay the ransom.

"The federal government, we discourage the payment of ransoms, because the prolific payment of ransoms encourages ransomware."

The hackers, known as DarkSide, are one of a number of ransomware groups that hold organizations' files hostage and demand a payment, either by locking their files and making them unusable or threatening to release them to the public.

DarkSide, like many ransomware gangs, are believed to operate in Russia, and their ransomware program is designed to shut down if they infect computers that work in the Russian language.

President Joe Biden said Monday that U.S. intelligence believes DarkSide to be operating within Russia's borders, and that while it didn't appear to be directed by the Russian government, he is "going to have a conversation" with Russian President Vladimir Putin about such groups. "They have some responsibility to deal with this," he said.

DarkSide in particular is notorious for providing victims who pay with a decryption program that works painfully slowly, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.

Colonial retained the cybersecurity company Mandiant to deal with the attack. Mandiant doesn't directly pay ransomware gangs on clients' behalf, a spokesperson for the company said, but acknowledges victims can choose to do so.


Tags

jrDiscussion - desc
[]
 
Buzz of the Orient
Professor Principal
1  Buzz of the Orient    one month ago

I can't believe that there isn't a computer genius in America who couldn't reverse what the DarkSide did.  I'm sure I'm in a very small minority who considers the internet to be a curse on humanity. 

 
 
 
Ronin2
Masters Quiet
1.1  Ronin2  replied to  Buzz of the Orient @1    one month ago

You haven't heard of honor among hackers? Most of the time they are showing off for each other.  Hacking, like online gaming, is the one thing that transcends borders.

 
 
 
Buzz of the Orient
Professor Principal
1.1.1  Buzz of the Orient  replied to  Ronin2 @1.1    one month ago

Some tribes of Native Americans can transcend the border between Canada and the USA.

 
 
 
evilgenius
Professor Participates
1.2  evilgenius  replied to  Buzz of the Orient @1    one month ago
I can't believe that there isn't a computer genius in America who couldn't reverse what the DarkSide did. 

I have no knowledge of Colonial's network infrastructure or practices. As a general rule of thumb businesses must be fanatical about updating and securing the network first to keep out hackers. There are ONLY two ways to reverse a ransomware hack. The first and quickest way is to pay. The second is to pull all the hard drives from every effected computer on the network and restore on clean drives from backup. If you don't have full off network backups you're often screwed. Just a guess, but it's quite probable Colonial was using proprietarily software developed just for their specific operation and only had data backups and not full operational backups. You would be talking years to get something back up and running from scratch.

 
 
 
Buzz of the Orient
Professor Principal
1.2.1  Buzz of the Orient  replied to  evilgenius @1.2    one month ago

So computerization can also mean victimization.  Please, Scotty, beam me back to the early 1950s when I learned to drive a car with no computer chips that made me do the work and use my brains.

 
 
 
MsAubrey (aka Ahyoka)
Sophomore Principal
1.2.2  MsAubrey (aka Ahyoka)  replied to  Buzz of the Orient @1.2.1    4 weeks ago

That's why I'm teaching my kids how to drive my 2012 Fiesta with a manual trans... there's no "lane change assist," there's no parallel park assist, there's no auto braking... and I'll be taking them out in my husband's 73 Ford F100 in the winter too!!!

 
 
 
Ozzwald
Professor Quiet
1.3  Ozzwald  replied to  Buzz of the Orient @1    one month ago
I can't believe that there isn't a computer genius in America who couldn't reverse what the DarkSide did.

Ransomware uses encryption on the hard drives.  Anyone could undo what was done, as long as they knew the encryption code.  Unfortunately, the only one who knows that code, would be the person demanding the money.  And no, there is not a single generic code, the code can be as long or short as they choose to make it, and would be different every time used.

Once quantum computing is up and running, the encryption will be able to be broken fairly easily, but we are still years, if not decades, from quantum computing being advanced enough, and available enough, for that.

 
 
 
Buzz of the Orient
Professor Principal
1.3.1  Buzz of the Orient  replied to  Ozzwald @1.3    one month ago

Makes the Trojan Horse a prediction.

 
 
 
MsAubrey (aka Ahyoka)
Sophomore Principal
1.4  MsAubrey (aka Ahyoka)  replied to  Buzz of the Orient @1    one month ago

My husband thinks that all computerization is an abomination. jrSmiley_80_smiley_image.gif

 
 
 
Buzz of the Orient
Professor Principal
1.4.1  Buzz of the Orient  replied to  MsAubrey (aka Ahyoka) @1.4    one month ago

Your husband deserves a medal.

 
 
 
MsAubrey (aka Ahyoka)
Sophomore Principal
1.4.2  MsAubrey (aka Ahyoka)  replied to  Buzz of the Orient @1.4.1    4 weeks ago

jrSmiley_86_smiley_image.gif

 
 
 
Hal A. Lujah
Professor Expert
1.5  Hal A. Lujah  replied to  Buzz of the Orient @1    one month ago

The moment technology advanced to the point that virtually anyone can communicate with anyone else in the world from the comfort of their lazy boy, humanity opened up a Pandora’s Box.  We went from 0 to 100 mph as a species in that instant, but nobody really knew how to drive the vehicle.  Now it’s just careening off of every guardrail.  If humans were as kind and trusting as dodo birds we’d be politely cruising alongside one another - but we never would have reached this milestone in the first place.

 
 
 
Buzz of the Orient
Professor Principal
1.5.1  Buzz of the Orient  replied to  Hal A. Lujah @1.5    one month ago

Yes, Pandora's box - a perfect analogy.  Frankenstein's Monster also comes to mind. 

 
 
 
Ronin2
Masters Quiet
2  Ronin2    one month ago
President Joe Biden said Monday that U.S. intelligence believes DarkSide to be operating within Russia's borders, and that while it didn't appear to be directed by the Russian government, he is "going to have a conversation" with Russian President Vladimir Putin about such groups. "They have some responsibility to deal with this," he said.

So Putin wasn't behind this? All of the calls for more sanctions and everything else against Russia were for nothing?  As for so slow foot Joe Biden talking to Putin trying to get Russia to take responsibility for this; does he know how many hacker groups operate within the US that aren't under the control of the US government?  So next time one of those groups goes after a corporation outside of US borders- the US government will be held responsible right? 

I am sure Putin will take anything Biden says under consideration for 2 or 3 seconds before making a list of his own demands. Like the US butt out of Syria, Ukraine, and every other Russian border state and former satellite. 

 
 
 
charger 383
PhD Quiet
3  charger 383    one month ago

How hard would it be for computer systems like these to be a closed system?  

 
 
 
evilgenius
Professor Participates
3.1  evilgenius  replied to  charger 383 @3    one month ago
How hard would it be for computer systems like these to be a closed system?  

Interesting question. If it's closed then no one get's email from outside the company. 

 
 
 
Ozzwald
Professor Quiet
3.2  Ozzwald  replied to  charger 383 @3    one month ago
How hard would it be for computer systems like these to be a closed system?

Air gapped systems are fine and wonderful, unless they need to access anything at all outside their own physical device.  As is there are monitors and controls outside the computer's physicality that need to be monitored, if that is controlled by 1 single computer, there would have to be thousands of miles of wiring connecting every gauge and control to that 1 single computer.  And that 1 computer would provide a single point of failure, since there are no backups in a closed system, unless more cables were run to any other computer in a closed system.  This may be possible for s system in the same locale, but not for something that controls thousands of miles of pipelines.

 
 
 
MsAubrey (aka Ahyoka)
Sophomore Principal
3.3  MsAubrey (aka Ahyoka)  replied to  charger 383 @3    one month ago

Can't do that with a supply chain.

 
 
 
Thrawn 31
Masters Guide
3.4  Thrawn 31  replied to  charger 383 @3    one month ago

Depending on the system and what it is supposed to do, easy to impossible.

 
 
 
TᵢG
Professor Principal
3.5  TᵢG  replied to  charger 383 @3    one month ago

There are all sorts of incredibly cool techniques for securing systems and all sorts of brilliant minds picking the locks.    But typically the hackers go after soft targets first (unless there are higher priorities to go after more hardened targets).

My guess is that this network was on the low side of security and was thus a soft target.   You know, basic 1980 password security.   I expect that they will bring in state-of-the-art cyber security firms to ensure (as best one can) that this does not happen again.

 
 
 
Thrawn 31
Masters Guide
3.5.1  Thrawn 31  replied to  TᵢG @3.5    one month ago

You would hope.

 
 
 
Hallux
Freshman Principal
4  Hallux    one month ago

Colonial Pipeline will easily re-coop the $5million and likely make an extra $5million on top. I'm sure they've mastered the 'art' of profiting from a loss.

 
 
 
Ozzwald
Professor Quiet
4.1  Ozzwald  replied to  Hallux @4    one month ago
Colonial Pipeline will easily re-coop the $5million and likely make an extra $5million on top. I'm sure they've mastered the 'art' of profiting from a loss.

If there is one thing the ransomware people have shown, it is a lack of extreme greed.  All money demands are small enough that the individual companies can easily absorb the cost. 

I've read about them from a few thousand for small businesses, to several million for large corporations, but never too much to make it infeasible to pay off easily.

 
 
 
Thrawn 31
Masters Guide
4.1.1  Thrawn 31  replied to  Ozzwald @4.1    one month ago

Not a bad model if you ask me. Odds are you will get paid and not bring too much heat down on yourselves.

 
 
 
MsAubrey (aka Ahyoka)
Sophomore Principal
4.1.2  MsAubrey (aka Ahyoka)  replied to  Ozzwald @4.1    one month ago

I've read about them from a few thousand for small businesses, to several million for large corporations, but never too much to make it infeasible to pay off easily.

That means that these hackers have done their homework.

 
 
 
Ozzwald
Professor Quiet
4.1.3  Ozzwald  replied to  Thrawn 31 @4.1.1    one month ago
Not a bad model if you ask me. Odds are you will get paid and not bring too much heat down on yourselves.

Exactly.  That's what they're banking on.

 
 
 
Ozzwald
Professor Quiet
4.1.4  Ozzwald  replied to  MsAubrey (aka Ahyoka) @4.1.2    one month ago

That means that these hackers have done their homework.

Yes they did.  If their demands were too exorbitant, they would be getting more heat with investigations and from Putin to shut them down, and fewer pay offs.  They seem to have found a happy(?) middle ground.

 
 
 
Thrawn 31
Masters Guide
4.1.5  Thrawn 31  replied to  Ozzwald @4.1.3    one month ago

Plus, I am sure the companies have some sort of insurance for things like this.

 
 
 
Ozzwald
Professor Quiet
4.1.6  Ozzwald  replied to  Thrawn 31 @4.1.5    one month ago
Plus, I am sure the companies have some sort of insurance for things like this.

I have a hard time seeing insurance companies paying off for something that was caused by the negligence of an employee.  Someone had to click the phishing link, to download the malware, to install the encryption.

Especially since the payout would just go directly to the company that clicked the link and caused the problem.  Seems like it would be ripe for fraud.  Do a full system backup then get encrypted.  Claim a bitcoin payout for insurance, then just restore everything from that backup.

But who knows, you can probably get insurance to cover anything.  Have to wonder if you can get insurance to cover insurance fraud claims??????

 
 
 
Sister Mary Agnes Ample Bottom
Professor Guide
4.2  Sister Mary Agnes Ample Bottom  replied to  Hallux @4    one month ago
Colonial Pipeline will easily re-coop the $5million and likely make an extra $5million on top. I'm sure they've mastered the 'art' of profiting from a loss.

I'm tempted to ask for proof from a verifiable source that this happened.  It would be a clever way to scam $5 million out of a country that traditionally has refused to give in to ransom demands.  Colonial:  How about if we pay the ransom, but the US pays us back?  

 
 
 
Thrawn 31
Masters Guide
5  Thrawn 31    one month ago

As I’ve been saying, cyber security needs to be the top defense priority for the US government as well as corporate America. All future conflicts will be won or lost well before a bullet is fired, it will all come down to who can fuck up the other sides computers the fastest

 
 
 
Paula Bartholomew
PhD Guide
5.1  Paula Bartholomew  replied to  Thrawn 31 @5    4 weeks ago

It should be but Moscow Mitch and his merry band of Trump ass kissers have continually shot down proposed security bills.

 
 
 
Paula Bartholomew
PhD Guide
6  Paula Bartholomew    4 weeks ago

It is too bad that the ransom was not paid in unwrapped pennies.

 
 
Loading...
Loading...

Who is online



38 visitors