At 5:30 a.m. on May 7, Colonial Pipeline, the largest U.S. oil pipeline, learned that it was in big trouble: An employee had found ransomware information left by hackers on a computer in the control room. That night, the company faced a difficult decision not to pay the hackers a ransom. According to the Wall Street Journal news on May 19, the company's CEO Joseph Blunt made a decision to pay a ransom of $4.4 million to the hackers with about 75 bitcoins, saying that the move was for the United States.
Colonial Pipeline company Joseph Blunt, according to wsj
The $4.4 million ransom was a fraction of the company's losses, and the entire loss of the entire incident was tens of millions of dollars. Ironically, the company had spent hundreds of millions of dollars in IT before the hack. Why did Colonial Pipeline choose to pay the ransom, and should it pay the ransom? The company's CEO recently gave an interview to the media and explained the reasons why he chose to pay the ransom.
The CEO responds to the decision to pay the bill:
Very controversial, but correct
Why did Colonial Pipeline decide to pay? Joseph Blunt told the Wall Street Journal that after the hack, company executives were unsure of how badly the attack had damaged their systems and how long it would take for pipeline transportation to return to normal.
"I know, it was a very controversial decision. My decision was not easy at all. I also admit that watching this money flow into the hands of those people is very uncomfortable. Joseph Blunt added, "But given the stakes at stake in critical energy infrastructure, the move is the right decision for the country." "Because shutting down a critical pipeline that accounts for about 45 percent of fuel transportation on the U.S. East Coast is very costly.
Many U.S. states are caught up in fuel panic buying according to the BBC
After paying the hackers a ransom, colonial Pipeline received a decryption tool that unlocked the previously compromised system. Although the tool had some effects, it was not possible to get the company's entire plumbing system back to normal immediately. Ultimately, the incident resulted in a six-day closure of pipelines, rising to the highest price on the East Coast in more than six years and running out of fuel at thousands of gas stations.
According to Blunt, the company chose to pay the ransom after consulting with experts who had dealt with criminal organizations, and the company also had cybersecurity insurance, but he declined to disclose details related to insurance payments. He said the company has invested $1.5 billion in maintaining the 5,500-mile pipeline over the past five years and $200 million on IT.
Give money to extortionists to save money?
The "black" of the U.S. Tubing has triggered a hot debate on ransom
For years, the FBI has advised companies not to pay when they are hit by extortion and not to support the expansion of this criminal market. But some businesses, even governments and other organizations, pay hacking groups. Some argue that this may avoid operational chaos and pay a greater price.
Sharan Martin, a former official at the UK's National Cyber Security Centre, also noted that paying ransoms to hackers encourages more criminal behavior and often fails to successfully restore systems. He suggested that companies should take these factors into account when making decisions.
DarkSide has been blamed for the cybercrime behind the attack. Cybersecurity firm TrustedSec has investigated more than a dozen cases of ransomware attacks involving the dark side. ITS CEO, David Kennedy, also opposed the ransom payment because "every time you pay these criminal organizations, you're helping them expand." But he also said he could understand Colonial Pipeline's behavior.
Colonial Pipeline, inc. According to WSJ
Last week, Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said the White House understands that ransombacks are sometimes unrealistic for businesses, especially those that don't have backups or other avenues to recover their data. She added that the U.S. government wanted to work with international partners on how to assist victims to ensure that such extortion attacks were not encouraged.
Previously, several officials, including U.S. House speaker Pelosi, criticized the ransom payment, saying such acts would fuel the wrongdoing of criminals.
US President Joe Biden previously said that the frequency of cyber attacks and extortion incidents in the United States is on the rise, and the infrastructure construction in the United States needs to be improved urgently. Biden recently signed an executive order aimed at strengthening cybersecurity and said the U.S. government needs to take action to combat cybercrime and fundamentally strengthen cybersecurity management.
Is the dark side gone or has it been ended?
Enterprises may recruit more cybersecurity talents
According to reports, after the server of the hacking organization "Dark Side" was shut down by unidentified people on the 14th, it has stopped functioning and lost control of some extortion ransoms. But whether it was "ended" by the actions of law enforcement, or whether it took the initiative to go underground and prepare to reorganize and then go out of the mountain, it is unclear.
There is some kind of opportunity in any crisis, and Colonial Pipeline has created a job opportunity in this crisis. According to the Washington Post, on the 12th, a recruitment began to circulate on social media: Colonial Pipeline company looked for a network security manager to supervise the development of its network security standards and procedures, and responsible for the recovery of network security accidents.
This recruitment caused an interesting reaction from netizens. Some netizens pretended to be surprised and asked: "Really?" What happened? Some people also read the "intimidating" work content of this position and replied, "Forget it." ”
However, this recruitment has actually been a month, and it was only last week that it was put on the recruitment app. But the crisis has also created an opportunity. Lawrence Parnell, a crisis management expert at George Washington University, believes that whoever takes over the job in this crisis will not only be paid a good salary, but will also get an opportunity to deal with major challenges and thus upgrade their careers.
Although pipeline transportation has returned to normal, the impact of this hack is not over. According to Blunt, the recovery of some of its commercial systems will take months and will eventually cost the company tens of millions of dollars. In addition, the company has a significant loss – the loss of its anonymity. Blunt said they wish no one knew about Colonial Pipeline, but now "everyone in the world knows it."
Red Star News reporter Lin Rong
Edited by Guo Yu
(Download Red Star News, there are prizes for the newspaper!) )