Cybercrime expert suggests Colonial Pipeline's ransom was so low because DarkSide messed up
Colonial Pipeline paid the Eastern European hackers who attacked its network 75 Bitcoin, worth almost $5 million at the time of the ransom payment, The New York Times and The Wall Street Journal reported Thursday evening, backing up a report in Bloomberg News. The ransom payment to DarkSide, a group of cybercriminals in or near Russia, allowed Colonial to start restoring its network and work to reopen its massive pipeline from Texas to the East Coast, where gas stations are running out of gas amid panic buying of constrained supplies. Full restoration of gas service will take several days.
The federal government discourages such payments on the grounds they encourage further ransomware attacks. But many companies, local governments, and other organizations opt to pay the ransom because not doing so — leaving company data locked in encryption or leaked or sold on the web — would cost more, and because insurance often covers the payments.
Ransomware attacks are a big and growing problem for businesses of all sizes and scopes. A report last month from a ransomware task force said payments rose by 311 percent in 2020 to about $350 million, paid in cryptocurrency, and the average payout was $312,493, Bloomberg reports. But ransom for large corporations like Colonial tends to be much larger, and DarkSide in particular boasts of going after the big fish.
Colonial "had to pay," cyber expert and digital forensics executive Ondrej Krehel told Bloomberg. “This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait.” But the $5 million ransom was "very low," he added. "Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response."
President Biden, under attack from Republicans over the gas shortages, signed an executive order to beef up cybersecurity after the Colonial attack, and he told reporters Thursday the U.S. might retaliate against the cybercriminals and pursue "a measure to disrupt their ability to operate." Eight websites associated with DarkSide were down Thursday, the Times reports, though it wasn't clear if the U.S. was involved.
“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia,” Biden said, adding that "responsible countries" take "decisive action against these ransomware networks."
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.