The Risks of Paying Ransoms, Darkside Group Gets $5Mil
On May 7th, a ransomware attack, now confirmed by the Federal Bureau of Investigation (FBI) to have been the work of the criminal group Darkside, forced Colonial Pipeline to proactively shut down operations. On Friday, Bloomberg reported that Colonial Pipeline paid the nearly US$5 million ransom in untraceable cryptocurrency within hours after the attack.
Colonial Pipeline provides nearly half the fuel supply for the U.S. East Coast. Stores of gasoline, oil, jet fuel, home heating and military supplies were all so heavily impacted that, to help with the shortages, the Federal Motor Carrier Safety Administration (FMCSA) declared a state of emergency in 18 states. Widespread panic buying began to cause shortages. In metro Atlanta, 30% of gas stations ran out of gasoline. In Raleigh, North Carolina, 31% of gas stations had no fuel on Tuesday. Meanwhile, unleaded gas prices hit an average of $2.99 a gallon, their highest since November 2014, the American Automobile Association said.
Once the ransom payment was received, the criminal group provided Colonial Pipeline with a decrypting tool to restore its disabled network. On Thursday, the largest fuel pipeline in the U.S., which carries 100 million gallons per day of gasoline, diesel and jet fuel, began moving some of the first millions of gallons of motor fuel. On Friday, Colonial Pipeline ramped up deliveries to fuel-starved markets on the East Coast. Although the attack was the most disruptive cyberattack on record and underscored the vulnerability of vital U.S. infrastructure to cyberattacks, the paying of the ransom set a dangerous precedent. It's generally accepted as bad practice to negotiate with terrorists.
The High Risks of Paying Ransoms
Adebayo Adeleke, a U.S. Army Veteran, thought leader and speaker on geopolitics, risk management and security, took a moment to share his concerns with Procurement Magazine on the precedent being set. "Historically, we don't negotiate with terrorists. Paying the ransom for a cyberattack and engaging them in monetary negotiation is legitimizing their efforts, goals and means. Ransomware is all about the money, and it's profitable, and because of this, it has been used as a tool for years now. To make ransomware go away, we must make it unprofitable, and the only way to make it unprofitable is NOT to pay them.
"Yes, it's easier said than done. There are only two choices one has when confronted with a cyberattack by ransomware, pay the amount or negotiate with them or do not pay them. I understand both sides. Shareholder pressure, national security issue at stake, severe economic impact, undue hardship, job loss, impact on the local communities and the list goes on. On the other hand, rebuilding what must have been stolen might run the organization out of business and expose lapses in U.S. national security as far as critical infrastructure is concerned, and the list goes on. There is no easy way out, but the moment money is exchanged for stolen data, it sets the precedent of exploitation and legitimizes bad behaviour, and this will continue to make the behaviour profitable. Either way, the outcome is never going to restore Colonial back to norm in the needed time. It's not going to be easy to stop these acts. The inevitable has to be done.
"Terrorism, banditry, kidnapping, ransomware all follow the same tactics. Again these tactics are not new, but it's interesting that they are digitizing tactics in a very worrisome way. There is nothing absolutely new underneath the sun. As it is in old, so it is in the new… you pay them, you glorify them."