Author Topic: Colonial pays huge ransom

Grandpa Shooter

  • friend
  • Senior Member
  • ***
  • Posts: 2,079
Colonial pays huge ransom
« on: May 13, 2021, 05:52:54 PM »
I just read an article about Colonial paying a $5,000,000 ransom to the hacker group that tied up their computer system (which apparently did not cripple the pipeline) after claiming they would never do that.  Aside from that being a dangerous concession to terrorism, doesn't that signal the world that we are so weak that they can shut down our systems at will?  What's next, the railroads, canals, power grids, medical technology.......?

Ben

  • Administrator
  • Senior Member
  • *****
  • Posts: 45,745
  • I'm an Extremist!
Re: Colonial pays huge ransom
« Reply #1 on: May 13, 2021, 06:03:47 PM »
Colonial is a private company. I'm sure they would rather not have paid, but how much would it have cost them if they didn't pay and the gas shortage expanded both geographically and temporally? People would be calling for their heads, and the anti-oil current administration would do the same thing to Colonial that they are doing to anyone that was in the vicinity of 06JAN.

$5 million is a lot cheaper than losing everything, and all of Colonial upper management going to federal prison without bail for five years waiting for a trial on a trumped up federal charge for not delivering oil to the public. Colonial might have worked with a different administration to not pay, with the administration perhaps using the strategic reserves and/or devoting significant cyber resources to the problem. The current administration has only said this wouldn't happen if we all drove electric cars. So I can't fault Colonial.
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."

MillCreek

  • Skippy The Wonder Dog
  • friend
  • Senior Member
  • ***
  • Posts: 19,964
  • APS Risk Manager
Re: Colonial pays huge ransom
« Reply #2 on: May 13, 2021, 06:11:55 PM »
Having read about it in my professional circles, I know for a fact that various US healthcare facilities have paid ransomware to hackers who have shut down their electronic medical records.
_____________
Regards,
MillCreek
Snohomish County, WA  USA


Quote from: Angel Eyes on August 09, 2018, 01:56:15 AM
You are one lousy risk manager.

ConstitutionCowboy

  • friend
  • Senior Member
  • ***
  • Posts: 642
  • My Gender and Pronouns are Standard.
Re: Colonial pays huge ransom
« Reply #3 on: May 13, 2021, 06:25:09 PM »
Trace the money and blow them off the face of the Earth.

Woody
   "Knowing the past, I'll not surrender any arms and march less prepared into the future."   B.E.Wood

WLJ

  • friends
  • Senior Member
  • ***
  • Posts: 27,849
  • On Patrol In The Epsilon Eridani System
Re: Colonial pays huge ransom
« Reply #4 on: May 13, 2021, 06:34:35 PM »
Trace the money and blow them off the face of the Earth.

Woody

Wrong president
"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us".
- Calvin and Hobbes

Cliffh

  • friend
  • Senior Member
  • ***
  • Posts: 2,227
Re: Colonial pays huge ransom
« Reply #5 on: May 13, 2021, 06:47:25 PM »
What am I missing here?

Seems that, if you have a good, recent backup you could simply restore the system and be back up & running?

I realize it'd be a bigger deal than if my laptop got shut down, but still....

lee n. field

  • friend
  • Senior Member
  • ***
  • Posts: 13,534
  • tinpot megalomaniac, Paulbot, hardware goon
Re: Colonial pays huge ransom
« Reply #6 on: May 13, 2021, 07:11:35 PM »
I just read an article about Colonial paying a $5,000,000 ransom to the hacker group that tied up their computer system (which apparently did not cripple the pipeline) after claiming they would never do that.  Aside from that being a dangerous concession to terrorism, doesn't that signal the world that we are so weak that they can shut down our systems at will?  What's next, the railroads, canals, power grids, medical technology.......?

100 bitcoin, would be my guess

(last  ransomware I helped with, small business, was asking .5 bitcoin.)
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.

230RN

  • It's like swimming to shore in an ebb tide.
  • friend
  • Senior Member
  • ***
  • Posts: 18,826
  • Pushing back. Help me out, here...
Re: Colonial pays huge ransom
« Reply #7 on: May 13, 2021, 07:32:38 PM »
Trace the money and blow them off the face of the Earth.

Woody

A "turn the other Little Boy" attitude if ever I saw one.
« Last Edit: May 13, 2021, 08:09:00 PM by 230RN »

lee n. field

  • friend
  • Senior Member
  • ***
  • Posts: 13,534
  • tinpot megalomaniac, Paulbot, hardware goon
Re: Colonial pays huge ransom
« Reply #8 on: May 13, 2021, 07:34:56 PM »
What am I missing here?

Seems that, if you have a good, recent backup you could simply restore the system and be back up & running?

I realize it'd be a bigger deal than if my laptop got shut down, but still....

Depends on how big and complicated their systems are, how good their backups (and security) are.  How well things are documented.  Did it get into the SCADA stuff?

Ransomware stress tests your recovery.  And even if they get a good decryption key, they're looking at a lot of work.

(Last ransomware remediation I did, last week, they had no backup.  Zero, zip, nada.  Fortunately for them the new owner had moved from a locally housed application, to the cloud based version. )
« Last Edit: May 13, 2021, 09:13:15 PM by lee n. field »
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.

ConstitutionCowboy

  • friend
  • Senior Member
  • ***
  • Posts: 642
  • My Gender and Pronouns are Standard.
Re: Colonial pays huge ransom
« Reply #9 on: May 13, 2021, 08:16:50 PM »
Wrong president

Yup. Elections have consequences.

Woody
   "Knowing the past, I'll not surrender any arms and march less prepared into the future."   B.E.Wood

ConstitutionCowboy

  • friend
  • Senior Member
  • ***
  • Posts: 642
  • My Gender and Pronouns are Standard.
Re: Colonial pays huge ransom
« Reply #10 on: May 13, 2021, 08:24:27 PM »
A "turn the other Little Boy" attitude if ever I saw one.

Umm ... Is that good or bad?  =|

Woody
   "Knowing the past, I'll not surrender any arms and march less prepared into the future."   B.E.Wood

WLJ

  • friends
  • Senior Member
  • ***
  • Posts: 27,849
  • On Patrol In The Epsilon Eridani System
Re: Colonial pays huge ransom
« Reply #11 on: May 13, 2021, 08:29:59 PM »
Little Boy was the code name for the type of bomb dropped on Hiroshima.
"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us".
- Calvin and Hobbes

Boomhauer

  • Former Moderator, fired for embezzlement and abuse of power
  • friends
  • Senior Member
  • ***
  • Posts: 14,274
Re: Colonial pays huge ransom
« Reply #12 on: May 13, 2021, 08:33:09 PM »
5 mil was probably chump change compared to the operational losses
Quote from: Ben
Holy hell. It's like giving a loaded gun to a chimpanzee...

Quote from: bluestarlizzard
the last thing you need is rabies. You're already angry enough as it is.

OTOH, there wouldn't be a tweeker left in Georgia...

Quote from: Balog
BLOOD FOR THE BLOOD GOD! SKULLS FOR THE SKULL THRONE! AND THROW SOME STEAK ON THE GRILL!

French G.

  • friend
  • Senior Member
  • ***
  • Posts: 10,184
  • ohhh sparkles!
Re: Colonial pays huge ransom
« Reply #13 on: May 13, 2021, 08:34:30 PM »
I had read that it never got to the controls, just the business side, and the company pulled the plug to protect the pipeline. Not sure if accurate; the reporting is as good as it always is.
AKA Navy Joe   

I'm so contrarian that I didn't respond to the thread.

Cliffh

  • friend
  • Senior Member
  • ***
  • Posts: 2,227
Re: Colonial pays huge ransom
« Reply #14 on: May 13, 2021, 09:02:04 PM »
Depends on how big and complicated their systems are, how good their backups (and security) are.  How well things are documented.  Did it get into the SCADA stuff?

Ransomware stress tests your recovery.  And even if they get a good decryption key, they're looking at a lot of work.

(Last ransomware remediation I did, last week, they had no backup.  Zero, zip, nada.  Fortunately for them the new owner had moved from a locally housed application, to the cloud based version.)

So, if you do get a good decryption key, you can restore your data.  With a lot of work. 

I wonder if Colonial will invest in a (better) backup system?

I've been around computers for a while now, but never heard of SCADA. 

ConstitutionCowboy

  • friend
  • Senior Member
  • ***
  • Posts: 642
  • My Gender and Pronouns are Standard.
Re: Colonial pays huge ransom
« Reply #15 on: May 13, 2021, 09:23:46 PM »
Little Boy was the code name for the type of bomb dropped on Hiroshima.

I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.

Woody
   "Knowing the past, I'll not surrender any arms and march less prepared into the future."   B.E.Wood

MechAg94

  • friend
  • Senior Member
  • ***
  • Posts: 33,622
Re: Colonial pays huge ransom
« Reply #16 on: May 13, 2021, 09:40:38 PM »
So, if you do get a good decryption key, you can restore your data.  With a lot of work. 

I wonder if Colonial will invest in a (better) backup system?

I've been around computers for a while now, but never heard of SCADA.
I forget the acronym, but in my company it is the internal system that is used to track all the metering data across our pipeline, production and customer meters.  I can pull up a small program and see all the flows in and out of the pipeline (pressures also) and do trending.  I didn't realize until later that a lot of people call those systems SCADA. 

We have a separate group that does industrial network security at all industrial locations.  Hardware and software firewalls and all that.  Remote access is very limited. 
“It is much more important to kill bad bills than to pass good ones.”  ― Calvin Coolidge

MechAg94

  • friend
  • Senior Member
  • ***
  • Posts: 33,622
Re: Colonial pays huge ransom
« Reply #17 on: May 13, 2021, 09:42:19 PM »
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.

Woody
I would be curious just how serious the FBI/CIA get about cyber crime.  Seems to me it ought to be high on their list. 

Maybe someone could plant a story that the same people traffic in guns.
“It is much more important to kill bad bills than to pass good ones.”  ― Calvin Coolidge

RoadKingLarry

  • friends
  • Senior Member
  • ***
  • Posts: 21,841
Re: Colonial pays huge ransom
« Reply #18 on: May 13, 2021, 09:58:12 PM »
Why would it have to be a government entity delivering "justice"?
Might not get the money back but sometimes sending a clear message to the next in line to try might not be a bad thing?

I'm sure there must be a discreet "private contractor" somewhere out there willing to get the job done.
 [ar15] [ar15] [ar15]
If ye love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or your arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that you were our countrymen.

Samuel Adams

Bogie

  • friend
  • Senior Member
  • ***
  • Posts: 10,153
  • Hunkered in South St. Louis, right by Route 66
    • Third Rate Pundit
Re: Colonial pays huge ransom
« Reply #19 on: May 13, 2021, 10:05:49 PM »
The FBI, etc., won't really get involved.
 
Computers are hard.
 
And... They aren't tracing financials where they can confiscate money, with maybe some going missing. They just need the computers to keep working. Where's the payoff in that?
Blog under construction

zxcvbob

  • friend
  • Senior Member
  • ***
  • Posts: 12,208
Re: Colonial pays huge ransom
« Reply #20 on: May 13, 2021, 10:55:15 PM »
Supervisory Control and Data Acquisition.  SCADA.  That was my first job out of college, programming microcontrollers for the oil and gas industry.
"It's good, though..."

MechAg94

  • friend
  • Senior Member
  • ***
  • Posts: 33,622
Re: Colonial pays huge ransom
« Reply #21 on: May 13, 2021, 10:57:55 PM »
The FBI, etc., won't really get involved.
 
Computers are hard.
 
And... They aren't tracing financials where they can confiscate money, with maybe some going missing. They just need the computers to keep working. Where's the payoff in that?
At some point, it is affecting commerce.  I guess the effect of this corruption on commerce doesn't even register compared to the effect of Govt corruption on commerce so they are not concerned about the competition. 
“It is much more important to kill bad bills than to pass good ones.”  ― Calvin Coolidge

WLJ

  • friends
  • Senior Member
  • ***
  • Posts: 27,849
  • On Patrol In The Epsilon Eridani System
Re: Colonial pays huge ransom
« Reply #22 on: May 13, 2021, 11:00:41 PM »
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.

Woody

I didn't get it at first myself
"Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us".
- Calvin and Hobbes

zahc

  • friend
  • Senior Member
  • ***
  • Posts: 5,791
Re: Colonial pays huge ransom
« Reply #23 on: May 13, 2021, 11:07:01 PM »
The optimist in me thinks they paid it so the FBI can trace where the Bitcoin goes. It would explain why they changed their tune suddenly.

In America, you can take down hospitals, and people will just shake their heads and blame the hospitals. Mess with our gas, and we will literally go to war.
Maybe a rare occurrence, but then you only have to get murdered once to ruin your whole day.
--Tallpine

230RN

  • It's like swimming to shore in an ebb tide.
  • friend
  • Senior Member
  • ***
  • Posts: 18,826
  • Pushing back. Help me out, here...
Re: Colonial pays huge ransom
« Reply #24 on: May 15, 2021, 01:25:00 AM »
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.

Woody

It was a poorly structured joke anyhow, nothing negative to you, but it would not have come up if you hadn't mentioned wiping them off the face of the earth.  They can't all be good ones.  Blame my writers.