> So the key was not very useful. I'm not sure what that means. Was it somewhat useful?

> If the key did not work, that will encourage future victims not to pay. So I'm sort of surprised.

It's a practical approach for someone with deep pockets, but it encourages more illegal activity.

I hate the thought of paying the 5M, but if I were the CEO calling the shots, I'd say pay it. 5 million is pocket change for Colonial Pipeline. I'm sure that the cost per day of having the pipeline shut off and of working around the ransomware quickly dwarfed 5 million.
Got to hate it when the bad guys win, but sometimes it's best to pick your battles and cut your losses. This battle is lost, it was time to tap out and get back to business.
Having said that, a battle was lost, but the war is not over. Joe Biden needs to sic the CIA on Darkside as if they were Osama Bin Laden. They need to know that there is a target on their backs and the 5 million isn't worth it.
Kind of like the small business owners that would pay a mafia shakedown for "fire insurance" premiums.
The right approach is, of course, to secure critical infrastructure from such attacks. While this is not foolproof, any large business should also have disaster plans in place, with full and frequent backups of critical computer systems.
I read that although Colonial paid the ransom, the key they received did not work. So they probably did what they were supposed to do anyway, and restored their computers from backup.
Yeah, I was surprised to read it. Poetic justice, if accurate. Here's one link...
Colonial Pipeline Reportedly Paid Hackers $5 Million for Decryption Key That Wasn't Very Useful
About a week ago, Colonial Pipeline paid the ransomware group DarkSide approximately $5 million in exchange for a data decryption key that didn’t really decrypt that much data.
gizmodo.com
I had not seen the gizmodo link before. It says decryption was too slow, so the key technically worked, but was practically not very helpful.