Colonial Pipeline Ransomware Response Raises Questions

As is often the case with ransomware attacks, the situation with the Colonial Pipeline hack has grown more complex as more information regarding the attack has been discovered. Here are some of the major developments that you should keep top of mind in the wake of this devastating ransomware attack.

First, a bit of bad news.

The Colonial Pipeline Attack Has Inspired Further Ransomware Campaigns

The attack on Colonial Pipeline brought a lot of attention to ransomware as a threat, encouraging and empowering hackers to use phishing campaigns designed around this fear as a way to spread their influence even further. These campaigns utilize email and other types of messaging to offer “ransomware system updates,” which to the untrained or uninformed eye might seem legitimate. In reality, however, these updates install ransomware on the user’s device instead of protecting against it.

These fraudulent emails ask the user to visit a website to download a “system update” to help protect their computer. This website is a replica of a legitimate one that is supposed to lend credence to their claims, leading to more users buying into the lie. Shortly after the news broke that Colonial Pipeline paid DarkSide, the ransomware group responsible for the attack, these phishing emails began to spread.

The Department of Justice Repossessed a Lot of the Ransom

On June 7th, the Department of Justice issued a press release that stated they had seized 63.7 Bitcoins, a value of approximately $2.3 billion, of what Colonial Pipeline had paid to DarkSide. The FBI followed the money to a wallet, which they then exfiltrated the key from, and received a large portion of the ransom payment. The FBI then seized the money. It is not the entirety of the sum, but it’s a step in the right direction.

Cryptocurrency Values Have Dipped

As you may have guessed, this seizure of funds also saw the value of cryptocurrencies decrease. If the entire draw of cryptocurrencies is so that the transactions can be anonymous and secure, then there is no solace in knowing that the FBI can track and repossess funds in this way. The market plummeted by 11 percent over the course of a single day.

It is likely that the government will continue to get involved moving forward, so we'll just have to wait and see the true fallout of this ransomware attack. One thing should be clear though: you don’t want this to be your business. Do everything you can now to protect your business from ransomware threats. You won’t regret it. To learn more about what you can do for your network security, reach out to Computerware at (703) 821-8200.