Negotiating Ransoms: When to Play and When to Fold

submitted by
Style Pass
2021-06-12 06:00:07

When Colonial Pipeline was struck with ransomware last month, many were surprised at how quickly the company paid the $4.4 million ransom. Surely a business that big and critical to the economy had sufficient resources and plans in place to recover quickly without needing to capitulate to extortionists.

But Colonial Pipeline CEO Joseph Blount told lawmakers on Capitol Hill this week that although his company had an emergency-response plan in place, it didn’t include plans for responding to a ransomware attack. The company did have insurance to pay for ransomware attacks, however, so the decision to pay was swift.

A ransomware notice first appeared on a machine in Colonial Pipeline’s control room around 5am on May 7, Blount testified. By 6am the company had shut down its 5,000-mile pipeline. Within another hour the company had contacted outside legal counsel and engaged digital investigations firm Mandiant to begin a forensic assessment of the damage. By late afternoon that day, Blount had decided to pay the bandits, and on May 8 the money was sent.

The rise in ransomware as a business for criminals has produced a parallel rise in companies engaged in helping victims negotiate ransoms and recover. Negotiating ransoms is a fraught process that can take more than a week and change rapidly, depending on the whims of the extortionists and the state of the victim’s backups, according to Bill Siegel, CEO and co-founder of Coveware, a company that negotiates ransomware payments for victims. His firm also aggregates statistics and other data about ransomware incidents to help the government track the scourge.
