The Stack

Colonial Pipeline “paid $5m ransom” — former CISA chief blasts being “investor in criminal enterprise”

Colonial Pipeline Co. paid a $5 million ransom in cryptocurrency to the hackers who shut down its network with ransomware — taking the critical energy pipeline offline and triggering a national emergency — within hours of the hack, according to a Bloomberg report citing unnamed sources on Thursday May 13.

“Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system,” the story claimed, without naming a source.

Colonial Pipeline and the National Security Council both declined to comment. Former CISA Director Chris Krebs noted on Twitter that paying a ransom made those doing so an “active investor in a criminal enterprise.”

In June 2020 the University of California took the unusual step of publicly acknowledging that it had paid cybercriminals $1.14 million (£1 million) to decrypt a “limited number of servers” in its School of Medicine that were hit by ransomware that month, saying that data encrypted in the attack, attributed to the Netwalker ransomware family, was important to “serving the public good… We therefore made the difficult decision to pay… for a tool to unlock the encrypted data and the return of the data.”

Cybersecurity expert Kevin Beaumont, tweeting before news of the ransom payment had broken, noted: “The USG needs to stop treating big game ransomware as a victim punting to FBI exercise (they’re not equipped to stop it) and officially classify it as a national security risk, to enable covert action. Other governments need to do this too. It’s a runaway freight train, they’re getting too powerful too quickly, serious effort needs to be put in to catch up with said train. I cannot stress how far behind everybody is.”

When asked by reporters late on Thursday whether he had been briefed on the fact that Colonial Pipeline Co. had allegedly paid the ransom, US President Joe Biden said he had “no comment on that.”

An executive order signed by Biden on May 12, meanwhile, aims to help improve cybersecurity across both the federal and private sectors. Explicitly, it aims to:

Speaking to The Stack’s founder Ed Targett in late 2020, one senior UK cybercrime officer said: “It would be difficult to argue credibly that we aren’t [outgunned]. The public sector are never going to be particularly cutting edge with their standard IT and training equipment that we give to people.

“We bring in bright young things straight out of university; you come into law enforcement and it’s a case of ‘here’s your Windows 7 laptop and 50p to put in the slot on the side’. We’re not always keeping pace.”

The list of blue-chip companies hit by ransomware over the past 12 months, meanwhile, just keeps growing: Honda, one of the world’s biggest car manufacturers; Cognizant, a major IT services company; Finastra, a prominent banking services provider; MaxLinear, a NYSE-listed semiconductor specialist; and so on. (Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion in 2021.)
