According to a Bloomberg report, the Colonial Pipeline ransomware attack has apparently resulted in a $5 million blackmail payoff. The victimized company agreed to the ransom demand within hours of the cyber attack, contradicting earlier reports that the company would not pay the extortion fee. A separate Reuters report cites Insurance Insider, the London-based market intelligence firm, as saying the company has cyber insurance with $15 million coverage, possibly influencing the decision.
Upon delivery of the ransom, paid in cryptocurrency, the DarkSide cybercrime group provided a decryption tool to restore the beleaguered network. The tool was apparently less than effective, and the company had to continue relying on its own backup systems and processes.
To pay or not to pay
In a recent bulletin, the U.S. FBI stated, “The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”
Researchers from Check Point have noted a 300 percent increase in ransomware attacks in the U.S. over the past nine months. Industries that are most critical and profitable, such as healthcare and utilities, have been targeted by cyber attacks. “When there’s a successful attack against that infrastructure they are very likely to pay and pay fast to get out of the situation they are in,” Check Point Software Technologies Director of Engineering Joel Hollenbeck said. Paying the ransom may increase the likelihood of this cycle of attacks continuing as cyber criminals acquire more money and influence.
Cyber Security Hygiene
What can organizations do?
Resolving increasingly sophisticated hacks can take time, so experts say prevention is key. “In almost every instance it comes down to basic cyber security hygiene,” Hollenbeck said. “Everybody needs to review to make sure they have up-to-date patches, they have anti-ransomware solutions, and doing the necessary user education.”
Similarly, the FBI has issued these best practices to minimize ransomware risks:
- Backup your data, system images, and configurations, test your backups, and keep backups offline
- Utilize multi-factor authentication
- Update and patch systems
- Make sure security solutions are up to date
- Review and exercise your incident response plan