Colonial Pipeline ransomware attack: Paid $5 million ransom

Colonial Pipeline restored its complete pipeline system on Thursday, nearly a week after a ransomware attack targeted its IT systems, forcing it to pay a ransom of over $5 million to reclaim control of its computer systems.

 

“Following this restart, it will take several days for the product delivery supply chain to return to normal,” the company said in a statement on Thursday evening.

 

The company’s official website, meanwhile, has been taken down as of this writing, with the message “This request was blocked by the security rules.”

 

According to Bloomberg, Colonial Pipeline paid the ransom within hours of the DarkSide ransomware attack in order to obtain a decryptor, which turned out to be so sluggish that Colonial only used its own backups to restore systems that had been rendered inoperable by the ransomware.

 

The pipeline operator had around $15 million in cyber insurance coverage, according to Insurance Insider.

 

The US Cybersecurity and Infrastructure Security Agency (CISA) does not consider paying a ransom to criminals acceptable, as doing so will allow adversaries to threaten more organizations and encourage other cybercriminals to deploy ransomware.

 

Affected companies, on the other hand, have often chosen to comply with the attackers’ demands because it is the easiest way to restore regular operations and avoid the risk of data disclosure.

 

Insurance firms are fuelling the growth of ransomware attacks, according to a 2019 ProPublica investigation, by covering the risk minus a deductible, which is usually much less than the ransom sought by attackers.

 

The news comes as new data from Test Issue shows that the number of ransomware victims it is tracking has increased by 102 percent year over year in the first half of this year.

 

Health care was the most heavily attacked sector in April, with nearly 110 regular weekly attacks over the course of the thirty-day span, followed by utilities (59) and insurance policy/lawful access (48). (34).

 

The security vendor advised businesses to be particularly vigilant during weekends and holidays, when many attacks occur.

 

It advocated the use of behavior-based detection tools, prompt patching, user training, and threat hunting for malware commonly used before attacks.