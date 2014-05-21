from the dark-netted dept.
Hackers Got $5 Million: Colonial Pipeline Reportedly Paid A Ransom In Cryptocurrency, Contrary To Claims:
The Colonial Pipeline Company reportedly paid hackers $5 million on Friday following a cyberattack that forced the pipeline offline and created a severe gas shortage, sources told Bloomberg News Thursday, which conflicts with reports the company would not pay a ransom.
[...] The FBI concluded on Monday DarkSide was responsible for the cyberattack, and President Joe Biden said Russian officials may have "some responsibility" for the attack because the group of hackers used ransomware originated in Russia. Kremlin spokesperson Dmitry Peskov denied any Russian involvement in the attack. Colonial is responsible for transporting 45% of all fuel used on the East Coast, and the five-day outage left thousands of gas stations in the Southeastern United States without fuel.
Colonial isn't the first company to pay hackers ransom to try and restore service. In July 2020, U.S. travel company CWT paid hackers $4.5 million to try and recover corporate files and bring their computer systems back online.
DarkSide hackers say the Colonial Pipeline cyber attack was only about the money - not politics:
The ransomware gang accused of crippling the leading US fuel pipeline operator has said it never meant to create havoc, an unusual statement that experts said was a sign the cyber criminals' scheme had gone awry.
[...] The terse news release posted to DarkSide's website early on Monday did not directly mention Colonial Pipeline but, under the heading "About the latest news", noted that "our goal is to make money, and not creating problems for society".
(Score: 2) by Rosco P. Coltrane on Friday May 14, @05:52AM
I always wonder why news sources bother to quote whatever the accused party has to say about the matter. I mean it's not like they're gonna fess up to it: "Yeah we shut down big pipeline. We started work on that right after the Novichok attack in Salisbury." Come on... Of course they's gonna deny it.
(Score: 0) by Anonymous Coward on Friday May 14, @06:16AM
So the pipeline was brought down by a run-of-the-mill cybercriminal. This was not a determined, stuxnet style attac.
Maybe the pipeline should not have paid a hefty ransom?! Paying a ransom in this situation is just a (potentially justified in this case, I'll give you that ...) cop-out to the fact that for years they have obviously not been securing their systems, not having any disaster plan at all for this eventuality (that's unprofessional for a provider of essential services!), and not separating their operational systems from the internet (that's also unprofessional these days) ... if they did the latter right, they would have still been pumping gas, and worrying about payment later with the data still available from the pumps.
But of course, doing all of that would have collided with the prime directive of making money, i.e. first and for all not spending any money.
And don't you tell me about monitoring (which should be one-way unless stuxnet, which this wasn't) or cloud-enabled IoT (which is a no-no, and alternatives *are* available in that market, but not from the cheapest garage-sale supplier). How much you wanna bet they *still* saved more from being insecure than the 5M$ ransom? So it's a net win for them!! That's disgusting. Make them pay double the ransom in fines, because willful incompetence *must* *never* *pay*!
The fact that the criminals themselves were flustered by what they did is a telltale sign. Yes, they made the house of cards come down with a sneeze, but the pipeline operator should have built a concrete house in the first place!
And I would place high bets that the actual operations people were clamoring for all of the above for at least ten years, and were silenced again and again and again.
It's times like these that grudgingly make me think that natural and de-facto monopolies should be nationalized. That's far from a panacea, but at least it would stop the greed-caused mismanagement to the detriment of society - in a monopoly, a market *cannot* correct for that, so it is not the correct approach.