Colonial Pipeline Reportedly Won’t Pay Hacker Ransom - Forbes

sinayamars.blogspot.com

Topline

Colonial Pipeline is aiming to restore its data instead of paying off the hackers who attacked the company last week, the Washington Post reported Wednesday, days after the pipeline operator shut down its network and sparked fears of East Coast gasoline shortages.

Key Facts

Colonial isn’t planning on making a ransom payment to hackers in exchange for restoring stolen data, and it’s working with cybersecurity company FireEye to rebuild its systems and recover backups, according to the Post, citing two unnamed sources.

Ransom payments to hacking groups like DarkSide — which the FBI has blamed for the Colonial attack — can total millions of dollars, some experts say.

The Post reported that a U.S.-based hosting company shut down a server connected to Colonial’s stolen data last weekend.

Colonial has made “forward progress” on restoring its main pipeline and has already reopened some smaller parts of its network, and it hopes to “substantially” restore service by the end of the week, the company said in statements Monday and Tuesday.

FireEye confirmed to Forbes that it’s working with Colonial but did not provide further comment, and Colonial didn’t answer questions about its strategy.

Crucial Quote

“Our primary focus remains the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline,” the company said in a Tuesday evening statement.

Key Background

Colonial Pipeline normally carries 2.5 million barrels of gasoline, jet fuel and products like kerosene on its Texas-to-New York pipeline every day, making up 45% of the East Coast’s fuel supply. But the company shuttered its pipeline late Friday because its computer system was hit with a ransomware attack, a strategy in which hackers disrupt a target in some way and then demand payment. Gas prices climbed and gas stations throughout the South began reporting shortages in the days following the Colonial shutdown, a trend some analysts have partly blamed on spiking demand as consumers panic-buy gasoline. The hack has also underscored fears about the vulnerability of U.S. infrastructure: Over the last year, private companies, government agencies and hospitals have all been targeted by cyberattacks.

Tangent

DarkSide emerged last summer and is believed to be based in Russia, and it’s known for offering “ransomware-as-a-service” software to cybercriminals. Members of the loosely organized group have already been implicated in attacks against several large companies, the FBI says, sometimes netting six- or seven-figure extortion payments.

Surprising Fact

The Biden administration has not offered any public guidance on whether private companies like Colonial Pipeline should make ransom payments to hackers. Deputy National Security Advisor Anne Neuberger told reporters Tuesday it’s a “very difficult situation,” but the government is letting Colonial make its own decision.