
On the day of the attack, the largest U.S. fuel pipeliner paid a ransom to hackers: $5 million in cryptocurrency

Author: Observer.com

[Text/Observer Network Zhang Chenjing] Last week, a ransomware attack forced Colonial Pipeline Company, the operator of the "main artery" of fuel transmission on the East Coast of the United States, to suspend operations completely, and 17 states entered a state of emergency. After a week of arduous maneuvering, Colonial Pipeline announced the resumption of operations at about 5 p.m. local time on May 13.

As for why it was able to resume operations, Bloomberg reported on the 13th, quoting people familiar with the matter, that Colonial had in fact paid a ransom of $5 million to the hackers within a few hours of the ransomware attack in order to restore its systems. Another person familiar with the matter said that Biden administration officials were aware of the ransom. When asked on the 13th whether he knew about the matter, President Biden paused and then said "there is no comment on this."


Screenshot of Bloomberg's report

Bloomberg reported that two people familiar with the matter said Colonial paid nearly $5 million in ransom to the hackers in the form of hard-to-trace cryptocurrency as early as a few hours after the attack on Friday (the 7th). U.S. media outlet NBC News also quoted a U.S. official familiar with the situation as confirming the payment.

This contradicts reports by Reuters, The Washington Post and other media on the 12th that "Colonial has no intention of paying the ransom".

Another person familiar with the matter revealed to Bloomberg that U.S. government officials also knew that Colonial had paid the ransom. However, when asked on the 13th whether he knew about the ransom, Biden paused and then said, "I have nothing to say about this."

A person familiar with the company said that after the hackers received the ransom, they provided Colonial with a decryption tool to restore the paralyzed systems. But the tool ran slowly, so the company continued to rely on its own backups to help restore the systems.

Bloomberg believes Colonial's move underscores the enormous pressure the Georgia-based operator is facing. Its pipeline serves as a "major artery" for fuel transportation in the United States, supplying 45 percent of the East Coast's gasoline, diesel, aviation fuel, and fuel for the military.

Colonial did not respond to these claims, but the company began resuming fuel transportation at about 5 p.m. on the 13th.

The FBI has historically discouraged, but has not prohibited, U.S. ransomware victims from paying ransom to hackers because such payments are not guaranteed to be effective and may encourage criminals to continue to attack others.

Anne Neuberger, deputy national security adviser for networks and emerging technologies at the White House, also said in an interview on the 13th that the White House still advises victim companies not to pay ransom, "which will encourage ransomware."

But the report points out that victims are in a dilemma: they have to weigh the losses from not paying the ransom against the risk of data exposure. The reality is that most companies choose to pay, in part because they hold cyber insurance policies under which these payments may be reimbursed.

Ondrej Krehel, CEO and founder of digital forensics company LIFARS, said, "They can only pay. It's cyber cancer. Do you want to die or do you want to live? It's not a situation where you can wait." Krehel also called the $5 million ransom "very low," saying ransoms typically range from $25 million to $35 million. "I think the hackers realized they were stepping on the wrong company and didn't expect to trigger a massive response from the government."


Oil storage tanks in Maryland belonging to Colonial Pipeline, the largest U.S. pipeline operator. Photo: The Paper

DarkSide, the hacking group that launched the attack, volunteered an explanation on May 10 that its purpose was to make money, not to create trouble for society. The group also stressed that "starting today, we will adjust the program and check the background of each target company before our partners launch an attack, to avoid negative impacts on society in the future."

The group was founded last year and has been described as "young and professional". Varonis, a cybersecurity firm based in New York with a lab in Israel, believes that given DarkSide's "great familiarity" with the network infrastructure, security technology and weaknesses of its extortion targets, it can be assumed that its members may include former cybersecurity professionals. Some U.S. media have also claimed the group has links to the Russian government, but provided no evidence.

Biden reiterated his previous statement on the 13th, saying that the U.S. side does not believe the Russian government was involved in the Colonial hacking incident, but that the U.S. side has good reason to believe the people who carried out the cyber attack live in Russia.

According to a report released last month by the Ransomware Task Force, ransoms paid by victims increased by 311% in 2020, reaching $350 million in cryptocurrency. The average ransom paid per organization in the same year was $312,000.

This article is an exclusive manuscript of the Observer Network and may not be reproduced without authorization.
