Colonial Pipeline paid ransomware hackers $5 million, U.S. official says
Category: News & Politics
Via: perrie-halpern • 3 years ago • 33 comments
By: Julia Ainsley and Kevin Collier
Colonial Pipeline paid the hackers who shut down some of its networks nearly $5 million in ransom, a U.S. official familiar with the matter said Thursday.
News of the payment was first reported by Bloomberg. The U.S. official did not say how or when the company paid.
Colonial, which operates the country's largest fuel pipeline, announced it had been hacked Friday, and shut down all four of its major pipelines that serve the Eastern and Southeastern United States as a precaution. Gas prices rose, and some stations ran out of fuel. The Department of Transportation issued an emergency order allowing truckers driving fuel in affected states to work longer hours than federal regulations normally allow.
A third-party consulting company that now handles Colonial's press inquiries declined to comment on the payment.
The company announced Wednesday that it was resuming operations.
The FBI has historically discouraged, but not prohibited, American ransomware victims from paying hackers, as a payment isn't guaranteed to work and can encourage criminals to continue attacking others. In a press conference Monday, Anne Neuberger, the White House's deputy national security adviser for cyber and emerging technologies, acknowledged that some organizations might find paying the criminals off can be in their best interest.
"We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data," she said.
Speaking to MSNBC's Andrea Mitchell on Thursday, Neuberger said the White House's advice remains that victims do not pay the ransom.
"The federal government, we discourage the payment of ransoms, because the prolific payment of ransoms encourages ransomware."
The hackers, known as DarkSide, are one of a number of ransomware groups that hold organizations' files hostage and demand a payment, either by locking their files and making them unusable or threatening to release them to the public.
DarkSide, like many ransomware gangs, is believed to operate in Russia, and its ransomware program is designed to shut down if it infects computers that work in the Russian language.
President Joe Biden said Monday that U.S. intelligence believes DarkSide to be operating within Russia's borders, and that while it didn't appear to be directed by the Russian government, he is "going to have a conversation" with Russian President Vladimir Putin about such groups. "They have some responsibility to deal with this," he said.
DarkSide in particular is notorious for providing victims who pay with a decryption program that works painfully slowly, said Brett Callow, an analyst at the cybersecurity firm Emsisoft.
Colonial retained the cybersecurity company Mandiant to deal with the attack. Mandiant doesn't directly pay ransomware gangs on clients' behalf, a spokesperson for the company said, but acknowledges victims can choose to do so.
I can't believe that there isn't a computer genius in America who couldn't reverse what the DarkSide did. I'm sure I'm in a very small minority who considers the internet to be a curse on humanity.
You haven't heard of honor among hackers? Most of the time they are showing off for each other. Hacking, like online gaming, is the one thing that transcends borders.
Some tribes of Native Americans can transcend the border between Canada and the USA.
I have no knowledge of Colonial's network infrastructure or practices. As a general rule of thumb businesses must be fanatical about updating and securing the network first to keep out hackers. There are ONLY two ways to reverse a ransomware hack. The first and quickest way is to pay. The second is to pull all the hard drives from every affected computer on the network and restore on clean drives from backup. If you don't have full off-network backups you're often screwed. Just a guess, but it's quite probable Colonial was using proprietary software developed just for their specific operation and only had data backups and not full operational backups. You would be talking years to get something back up and running from scratch.
So computerization can also mean victimization. Please, Scotty, beam me back to the early 1950s when I learned to drive a car with no computer chips that made me do the work and use my brains.
That's why I'm teaching my kids how to drive my 2012 Fiesta with a manual trans... there's no "lane change assist," there's no parallel park assist, there's no auto braking... and I'll be taking them out in my husband's 73 Ford F100 in the winter too!!!
Ransomware uses encryption on the hard drives. Anyone could undo what was done, as long as they knew the encryption code. Unfortunately, the only one who knows that code, would be the person demanding the money. And no, there is not a single generic code, the code can be as long or short as they choose to make it, and would be different every time used.
Once quantum computing is up and running, the encryption will be able to be broken fairly easily, but we are still years, if not decades, from quantum computing being advanced enough, and available enough, for that.
Makes the Trojan Horse a prediction.
My husband thinks that all computerization is an abomination.
Your husband deserves a medal.
The moment technology advanced to the point that virtually anyone can communicate with anyone else in the world from the comfort of their lazy boy, humanity opened up a Pandora’s Box. We went from 0 to 100 mph as a species in that instant, but nobody really knew how to drive the vehicle. Now it’s just careening off of every guardrail. If humans were as kind and trusting as dodo birds we’d be politely cruising alongside one another - but we never would have reached this milestone in the first place.
Yes, Pandora's box - a perfect analogy. Frankenstein's Monster also comes to mind.
So Putin wasn't behind this? All of the calls for more sanctions and everything else against Russia were for nothing? As for so slow foot Joe Biden talking to Putin trying to get Russia to take responsibility for this; does he know how many hacker groups operate within the US that aren't under the control of the US government? So next time one of those groups goes after a corporation outside of US borders- the US government will be held responsible right?
I am sure Putin will take anything Biden says under consideration for 2 or 3 seconds before making a list of his own demands. Like the US butt out of Syria, Ukraine, and every other Russian border state and former satellite.
How hard would it be for computer systems like these to be a closed system?
Interesting question. If it's closed then no one gets email from outside the company.
Air-gapped systems are fine and wonderful, unless they need to access anything at all outside their own physical device. As is, there are monitors and controls outside the computer's physicality that need to be monitored; if that is controlled by 1 single computer, there would have to be thousands of miles of wiring connecting every gauge and control to that 1 single computer. And that 1 computer would provide a single point of failure, since there are no backups in a closed system, unless more cables were run to any other computer in a closed system. This may be possible for a system in the same locale, but not for something that controls thousands of miles of pipelines.
Can't do that with a supply chain.
Depending on the system and what it is supposed to do, easy to impossible.
There are all sorts of incredibly cool techniques for securing systems and all sorts of brilliant minds picking the locks. But typically the hackers go after soft targets first (unless there are higher priorities to go after more hardened targets).
My guess is that this network was on the low side of security and was thus a soft target. You know, basic 1980 password security. I expect that they will bring in state-of-the-art cyber security firms to ensure (as best one can) that this does not happen again.
You would hope.
Colonial Pipeline will easily recoup the $5 million and likely make an extra $5 million on top. I'm sure they've mastered the 'art' of profiting from a loss.
If there is one thing the ransomware people have shown, it is a lack of extreme greed. All money demands are small enough that the individual companies can easily absorb the cost.
I've read about them from a few thousand for small businesses, to several million for large corporations, but never too much to make it infeasible to pay off easily.
Not a bad model if you ask me. Odds are you will get paid and not bring too much heat down on yourselves.
That means that these hackers have done their homework.
Exactly. That's what they're banking on.
Yes they did. If their demands were too exorbitant, they would be getting more heat with investigations and from Putin to shut them down, and fewer pay offs. They seem to have found a happy(?) middle ground.
Plus, I am sure the companies have some sort of insurance for things like this.
I have a hard time seeing insurance companies paying off for something that was caused by the negligence of an employee. Someone had to click the phishing link, to download the malware, to install the encryption.
Especially since the payout would just go directly to the company that clicked the link and caused the problem. Seems like it would be ripe for fraud. Do a full system backup then get encrypted. Claim a bitcoin payout for insurance, then just restore everything from that backup.
But who knows, you can probably get insurance to cover anything. Have to wonder if you can get insurance to cover insurance fraud claims??????
I'm tempted to ask for proof from a verifiable source that this happened. It would be a clever way to scam $5 million out of a country that traditionally has refused to give in to ransom demands. Colonial: How about if we pay the ransom, but the US pays us back?
As I've been saying, cyber security needs to be the top defense priority for the US government as well as corporate America. All future conflicts will be won or lost well before a bullet is fired; it will all come down to who can fuck up the other side's computers the fastest.
It should be but Moscow Mitch and his merry band of Trump ass kissers have continually shot down proposed security bills.
It is too bad that the ransom was not paid in unwrapped pennies.