Colonial Pipeline paid off Eastern European hackers who attacked its 75 Bitcoin network, worth nearly $ 5 million at the time of the ransom payment, The New York Times and The Wall Street Journal reported Thursday evening, substantiating a report in Bloomberg News. Paying the ransom to DarkSide, a group of cybercriminals in or near Russia, allowed Colonial to start restoring its network and work on reopening its massive pipeline from Texas to the East Coast, where gas stations are running out of gas due to panic buying limited supplies. . The complete restoration of gas service will take several days.
The federal government discourages these payments on the grounds that they encourage further ransomware attacks. But many businesses, local governments, and other organizations choose to pay the ransom because not doing so – leaving company data locked in encryption or disclosed or sold on the web – would cost more, and because insurance often covers payments.
Ransomware attacks are a major and growing problem for businesses of all sizes and sizes. A report last month from a ransomware task force said payments increased 311% in 2020 to around $ 350 million, paid in cryptocurrency, and the average payout was $ 312,493. Bloomberg reports. But the ransom for big companies like Colonial tends to be much higher, and DarkSide in particular boasts of going after the big fish.
Colonial “had to pay,” said Ondrej Krehel, cyber expert and head of digital forensics. Bloomberg. “It’s cyber cancer. Do you want to die or do you want to live? This is not a situation where you can wait. But the $ 5 million ransom was “very small,” he added. “The ransom is usually around $ 25-35 million for such a business. I think the threatening actor realized he had stepped on the wrong business and triggered a massive response from the government.”
President Biden, under attack by Republicans over gas shortages, signed an executive order to bolster cybersecurity after the colonial attack, and he told reporters on Thursday that the United States could retaliate against cybercriminals and prosecute “a measure aimed at disrupting their ability to function “. Eight websites associated with DarkSide were down on Thursday, the Time reports, but it was not clear whether the United States was involved.
“We don’t think the Russian government was involved in this attack, but we have good reason to believe that the criminals who carried out the attack live in Russia,” Biden said, adding that “the responsible countries” are taking “decisive action against these. ransomware networks.”
More stories from theweek.com
The republican theory of unemployment is classic of Marx
There is growing speculation that Meghan Markle and Prince Harry will name their daughter ‘Philippa’
A Brief History of the White House Cats