Wired: Colonial Pipeline’s Ransomware Payoff Keeps Infrastructure ‘in the Crosshairs’


A recent report from Wired reveals that a week after a ransomware attack shut down Colonial Pipeline, halting fuel distribution on the East Coast, the company paid a reported $5 million ransom to regain control of its systems and resume operations. The payoff may lead to future ransomware attacks, as one expert notes: “Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

Wired reports in an article titled “Colonial Pipeline Paid a $5M Ransom—and Kept a Vicious Cycle Turning,” that a week after a ransomware attack that shut down Colonial Pipeline and halted the distribution of fuel on the East Coast, Colonial Pipeline paid hackers in order to regain access to their systems.
The Colonial Pipeline reportedly paid 75 Bitcoins, or around $5 million, to gain access to their systems again. The FBI discourages paying off ransomware hackers, but organizations continue to do so to regain access to hacked systems.

Wired writes:

Nearly a week after a ransomware attack led Colonial Pipeline to halt fuel distribution on the East Coast, reports emerged on Friday that the company paid a 75 bitcoin ransom—worth as much as $5 million, depending on the time of payment—in an attempt to restore service more quickly. And while the company was able to restart operations Wednesday night, the decision to give in to hackers’ demands will only embolden other groups going forward. Real progress against the ransomware epidemic, experts say, will require more companies to say no.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying. They either don’t have the backups and other infrastructure necessary to recover otherwise, can’t or don’t want to take the time to recover on their own, or decide that it’s cheaper to just quietly pay the ransom and move on. Ransomware groups increasingly vet their victims’ financials before springing their traps, allowing them to set the highest possible price that their victims can still potentially afford.

In the case of Colonial Pipeline, the DarkSide ransomware group attacked the company’s business network rather than the more sensitive operational technology networks that control the pipeline. But Colonial took down its OT network as well in an attempt to contain the damage, increasing the pressure to resolve the issue and resume the flow of fuel along the East Coast. Another potential factor in the decision, first reported by Zero Day, was that the company’s billing system had been infected with ransomware, so it had no way to track fuel distribution and bill customers.

Wired reports, as Breitbart News noted earlier this week, that ransomware attacks continue to happen because they are very profitable for the hackers. The outlet quotes Brett Callow, a threat analyst at antivirus company Emsisoft, who said: “I can’t say I’m surprised, but it’s certainly disappointing. Unfortunately, it’ll help keep United States critical infrastructure providers in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it.”

Morgan Wright, the Chief Security Advisor at SentinelOne and former Senior Advisor of the U.S. State Department and the Anti-Terrorism Assistance Program, appeared on Breitbart News Daily recently to speak with Breitbart News Editor-in-Chief and host of Breitbart News Daily, Alex Marlow. The key topic of the day was the rise in ransomware attacks and the recent cyber attack on the Colonial Pipeline.

Asking Wright what we currently know about the Colonial Pipeline hack and what the establishment media may have missed about the situation, Wright stated: “Details are always hard to come by in these things, because it’s the fog of war basically as the investigation unrolls. We do know what publicly has been said but there are some things that we can figure out behind that as well. One is that definitely if they’re not in Russia, they’re definitely linked to Russia, these attackers, because they’re getting air cover from Vladimir Putin.”

Wright continued: “We have criminal gangs operating in countries or regions we have no extradition treaty with, no mutual legal assistance treaties, so we get zero help in investigating these things. The second thing is, this is actually kind of a watershed moment. This is one of the first things where a criminal organization has taken the place of a nation-state in terms of an attack on infrastructure.”

Discussing the motivations of the hackers, Wright said: “I think one of the underreported things about this, and I think it’s a day of reckoning, is the use of cryptocurrency to enable these groups to continue their activities. In other words, if you remove the ability to monetize this, these gangs are out of business because they’re only in it for one reason — to make money. So I think there’ll be a day of reckoning with how countries look at the use of cryptocurrencies, especially Bitcoin.”

Read more at Wired here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

