Cybercrime expert suggests Colonial Pipeline's ransom was so low because DarkSide messed up

(Image credit: ELIJAH NOUVELAGE/AFP via Getty Images)

last updated 14 May 2021

Colonial Pipeline paid the Eastern European hackers who attacked its network 75 Bitcoin, worth almost $5 million at the time of the ransom payment, The New York Times and The Wall Street Journal reported Thursday evening, backing up a report in Bloomberg News. The ransom payment to DarkSide, a group of cybercriminals in or near Russia, allowed Colonial to start restoring its network and work to reopen its massive pipeline from Texas to the East Coast, where gas stations are running out of gas amid panic buying of constrained supplies. Full restoration of gas service will take several days.

The federal government discourages such payments on the grounds they encourage further ransomware attacks. But many companies, local governments, and other organizations opt to pay the ransom because not doing so — leaving company data locked in encryption or leaked or sold on the web — would cost more, and because insurance often covers the payments.

Ransomware attacks are a big and growing problem for businesses of all size and scope. A report last month from a ransomware task force said payments rose by 311 percent in 2020 to about $350 million, paid in cryptocurrency, and the average payout was $312,493, Bloomberg reports. But ransom for large corporations like Colonial tends to be much larger, and DarkSide in particular boasts of going after the big fish.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Colonial "had to pay," cyber expert and digital forensics executive Ondrej Krehel told Bloomberg. “This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait.” But the $5 million ransom was "very low," he added. "Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response."

President Biden, under attack from Republicans over the gas shortages, signed an executive order to beef up cybersecurity after the Colonial attack, and he told reporters Thursday the U.S. might retaliate against the cybercriminals and pursue "a measure to disrupt their ability to operate." Eight websites associated with DarkSide were down Thursday, the Times reports, though it wasn't clear if the U.S was involved.

Explore More

Speed Reads

To continue reading this article...

Create a free account

Continue reading this article and get limited website access each month.

Get unlimited website access, exclusive newsletters plus much more.

Cancel or pause at any time.

Already a subscriber to The Week?

Unlimited website access is included with Digital and Print + Digital subscriptions.
with the same email registered to your subscription to unlock access.

Not sure which email you used for your subscription? Contact us

Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.

Subscribe to The Week

Sign up for The Week's Free Newsletters

Sign up for Today's Best Articles in your inbox