Should Colonial Pipeline have paid a ransom to DarkSide hackers?

15 May 2021 Source: qz.com


Holding tanks bearing the Colonial Pipeline logo loom over a grassy field. (Image: Quartz)

It cost just under $5 million for Colonial Pipeline, the company that operates the largest fuel pipeline in the US, to pay off a gang of cybercriminals that hacked its servers, shut off the flow of oil and gas, and disrupted fuel supplies across the east coast. The company caved to hackers’ ransom demands within hours of the attack, Bloomberg News reported.

In a ransomware attack, criminals encrypt a company’s data and demand an extortion payment in exchange for the decryption key that will restore the company’s access to its files. Colonial Pipeline’s decision to pay the hackers flies in the face of most official recommendations. US policy, and the standing advice of many other national governments and intelligence agencies, is clear: companies should not pay ransoms to hackers.


But in practice, it’s a bit messier than that. From time to time, the FBI will privately tell a hacked company it understands if executives choose to pay off the hackers. At a press conference following the Colonial Pipeline attack, top White House cybersecurity official Anne Neuberger acknowledged that sometimes companies have no other choice: “We recognize, though, that companies are often in a difficult position if their data are encrypted and they do not have backups and cannot recover the data,” she said.

It’s certainly welcome news that a key piece of US energy infrastructure will soon be back online. But the episode raises a thorny question: Should companies pay ransoms, knowing they may just encourage future attacks?


The perils of paying ransoms

The standard wisdom from cybersecurity experts and intelligence agencies is that ransom payments only incentivize and fund future cyberattacks. “Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals,” the FBI wrote in an October 2019 public service announcement.

Therefore the best course of action, many experts argue, is for companies to refuse hackers’ demands. “If you want to stop ransomware attacks, you need to make the cashflow dry up, which means companies need to stop giving in to these shakedowns,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.

Putting aside the ethical and long-term strategic qualms a company might have about funding criminal organizations, there’s also the question of whether firms can trust hacking groups to be reliable business partners. In some cases, even after a company has paid a ransom, hackers failed to send the decryption key that would allow the firm to restore its data. Other times, hackers have demanded a second ransom after receiving the first. “You’re paying for a pinky promise from criminals,” Callow said.


In recent years, ransomware groups have become increasingly sophisticated and professional, just as their annual revenues have ballooned into the billions. (The hackers made at least $18 billion during a crime wave in 2020, according to an estimate from Emsisoft.) On the one hand, this trend provides evidence that ransom payments have, in fact, allowed hackers to reinvest their profits in expanding their operations with the same ruthless efficiency as Amazon.

But on the other hand, the hackers have become less amateurish, which may lead more businesses to feel that they can trust the criminals to hold up their end of the bargain after a ransom payment. Most of the time, the hackers do keep their word and send decryption keys to companies that pay. Many ransomware groups even offer live chat support to walk companies through the process of restoring their data.

It’s hard to estimate how many ransomware groups are now operating, but the ransomware identification service ID Ransomware identified more than 500,000 confirmed incidents in 2020. In a survey of 600 companies in Australia, France, Germany, Japan, Spain, the UK, and the US by cybersecurity firm Proofpoint, two-thirds of companies said they had experienced a ransomware attack in 2020.


The business world’s collective action problem

It’s easy to say in the abstract that companies shouldn’t pay ransoms, but for any individual organization, it’s a very hard choice. Often, it’s much cheaper to pay off a hacker than it is to recreate your company’s IT infrastructure from scratch. The city of Baltimore refused a $76,000 ransom demand in May 2019, and then paid $18 million to rebuild its IT network. The city of Atlanta refused a $51,000 ransom demand in March 2018 and went on to pay $17 million to rebuild its infrastructure.

“You’re the CEO of a company, and your choice is to pay or go out of business,” said Jim Lewis, senior vice president of the Center for Strategic and International Studies, a US national security think tank. “Which are you going to pick?”

That dilemma sets up a collective action problem: One business may refuse to pay a ransom for the sake of starving cybercriminals of cash—but its sacrifice won’t have any impact unless the rest of the business world follows suit. And that’s a dubious prospect. According to the Proofpoint survey, just over half of companies targeted by a ransomware attack give in and pay the hackers.

Callow believes the only way out of this impasse is for governments to step in and make ransom payments illegal, even if that would create worse financial outcomes for some companies that have been targeted. “Companies would undoubtedly feel the pain as a result,” he said. “Some may even be forced to close. But attacks have forced some companies to close anyway and, really, what choice do we have here?”


In the private sector, at least one major insurance company has already declared it will no longer cover digital ransom payments for its clients. AXA, one of Europe’s biggest insurers, swore off the practice at the behest of the French government.

But Lewis says it doesn’t make sense to tell businesses not to make ransom payments if it’s in their economic interest to do so. The root of the problem isn’t that companies are paying ransoms, he said. It’s the fact that businesses don’t have adequate cyber defenses, and that the international community hasn’t adequately confronted Russia and other countries that harbor hacking groups to force them to crack down on cybercriminals.

“Until we get this under control, and that means figuring out a way to deal with the Russians, and figuring out a way to make sure critical infrastructure like hospitals do the right things to make themselves harder targets for ransomware,” Lewis said, it doesn’t make sense to stop companies from paying ransoms.

“People need to think of this as a business, and for the victims it’s a business decision,” said Lewis. “Right now there are so many vulnerabilities and so many inadequately defended networks that not paying isn’t going to mean less ransomware attacks. It’s just going to mean you go out of business… or have revenue loss for some period of time.”

