Colonial Pipeline confirms $4.4m payment to DarkSide hackers
Experts view the CEO's candidness about the hack as a benefit to the cyber security industry
20 May 2021 | 0
Colonial Pipeline CEO Joseph Blount has confirmed the company has paid $4.4 million to cyber criminals that launched a ransomware attack against it earlier in the month.
According to the Wall Street Journal, Blount approved the payment as executives were unclear how extensive the attack was, how far it had penetrated systems, and the time it would take to bring company operations back to normal.
“I know that’s a highly controversial decision,” Blount told the Journal. “But it was the right thing to do for the country. I didn’t make it [the decision] lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
Blount said the company paid the ransom after consulting experts who’ve dealt with the DarkSide hacking group responsible for the attacks.
Lewis Jones, threat intelligence analyst at Talion, told ITPro that getting hit with ransomware doesn’t mean a company has failed. The threat is an unfortunate fact of life today. It doesn’t matter how strong your defenses are, attackers will continue to be creative and adapt new techniques to infiltrate defenses.
“The fact that the CEO of Colonial Pipeline is speaking publicly about the company’s recent ransom payment is a very positive step and more companies should follow suit. The more companies open up about attacks and are transparent on the action they took when under attack, the more we can learn about cybercriminal techniques and build better defenses,” he said.
“Whilst it appears the CEO felt they had no further option, the surrendering and paying of ransom does further feed the issue by providing the attackers with more funds for better capability and more notoriety, which may fuel copycat tactics by other groups.”
Edgard Capdevielle, CEO of Nozomi Networks, told ITPro that ransomware is a reality that many organisations face today. By coming out and talking about the attack, the Colonial Pipeline CEO provides the security industry with invaluable intelligence into the cyber criminals’ techniques, helping drive more awareness around the threat and build better defenses.
“When it comes to ransomware it is no longer a case of if, but when. Companies need to get into a post-breach mentality, pre-breach, and harden systems so that when they are faced with an attack, they know exactly how they will respond and what they stand to lose depending on their response,” he said.
According to Elliptic co-founder and chief scientist Tom Robinson, victims made just over $90 million in Bitcoin ransom payments to DarkSide, originating from 47 distinct wallets. According to DarkTracer, DarkSide ransomware has infected 99 organisations, which suggests that around 47% of victims paid a ransom, and the average payment was $1.9 million.
“To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a low bound,” said Robinson.
DarkSide recently disbanded after further investigations by US law enforcement. An e-mail to DarkSide’s affiliates said that it was shutting up shop “due to the pressure of the US”. However, many criminal gangs have been said they are disbanding only to show up again weeks or months later under a new name.
© Dennis Publishing
Professional Development for IT professionals
The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more