Published On: Fri, Jun 11th, 2021

Why Are Hacked Companies Still Paying Ransoms?



This week, Congress summoned the CEO of Colonial Pipeline to a hearing to answer questions from lawmakers regarding last month’s hacking attack that affected the fuel supply chain in the East Coast of the United States.

Among the matters that were discussed was the $4.4 million payout that was netted by Russia’s DarkSide Ransomware Gang, the group that carried out the attack, supposedly without the consent of the Kremlin.

Some lawmakers and government officials were incensed by the decision to pay the hackers, behavior that many reason will only encourage future attacks against critical infrastructure.

In fact, paying ransoms in many cases in not only discouraged, but it can also actually lead to the sanctioning of officials acting of behalf of the victimized companies, in addition to civil penalties.

Last October, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory highlighting the risks associated with any potential ransom payments made to hackers and outlined potential penalties for American businesses found to be in violation of OFAC’s directive.

The advisory specifically targeted payments made to individuals or groups that are already under U.S. sanctions and noted that, “ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States,” while adding that “ransomware payments may also embolden cyber actors to engage in future attacks.”

Regarding the DarkSide ransomware hack against Colonial Pipeline, Colonial CEO Joseph Blount admitted previously to The Wall Street Journal in May that as a result of the uncertainty regarding the severity of the breach and the length of time it would take to restore the pipelines vital services that affect roughly 45% of the East Coast’s fuel supply, he authorized the ransom payment of $4.4 million.

Blount, who was also well aware of the OFAC directive and potential penalties associated with paying sanctioned entities, told lawmakers, “I do know that repeatedly throughout the process, the fact of whether DarkSide was on the sanctions list or not was fact-checked repeatedly.”

In the past, many lawmakers, particularly the pro-business GOP variety, would appear to be more sympathetic to victimized companies. This has certainly changed as the frequency of major attacks has increased and the fallout from these breaches are having major economic implications globally.

Even some of the more laissez-faire members of Congress are demanding more oversight and accountability as a result, especially considering that the intelligence community is going to be increasingly involved in resolving matters on behalf of private companies.

For example, the FBI made a significant investment in time and resources to help Colonial Pipeline track down and recover roughly over half of the $4.4 million in ransom ($2.3 million in Bitcoin) paid to DarkSide.

The logistics of surviving a ransomware attack weighs heavily on an individual company’s decision on whether to play ball with a hacking group.

The sheer cost involved with rebuilding a business’s networks is one major consideration.

Additionally, many companies are insured against such hacks and experts including former National Coordinator for Security, Infrastructure Protection, and Counterterrorism for the United States between 1998 and 2003, Richard Clarke, feel that the insurance component only offers an incentive for lucrative hacking outfits to remain in business.

In a recent column for the New York Daily News co-written by Clarke and Senior Fellow at the Council on Foreign Relations (CFR) Robert K. Knake, they observed, “Usually (victims of a cyberattack) it is a corporation that never tells the public about the attack.

“The companies do tell their insurance carriers, and they, in turn, pay up. It’s cheaper for the insurance companies to pay the hackers to unlock the networks than to pay computer security companies to rebuild the corporate network from scratch.”

The dangerous precedent of an insurance-based resolution has seemingly been well set over the past several years and hackers are well aware that in many instances, companies and their insurers want a quick, quiet and uncontroversial closing to the matter.

But is this dangerous trend going to open the Pandora’s Box towards more governmental intervention in the private sector?

The truth is it has already begun. In late May, the Department of Homeland Security (DHS) established new cybersecurity guidelines that specifically targeted the nation's leading pipeline companies and requires them to report any cyber incidents to federal authorities.

The issue of hacking is certainly not exclusively an American problem, as globally, an attack that mimicked elements of the monumental 2017 WannaCry attack targeted the Irish healthcare system just days after the Colonial Pipeline Hack.

The attack forced the Irish hospital system shut down most IT systems for precautionary reasons and locked a number of healthcare providers out of their computers.

Irish prime minister Micheál Martin said of the incident, “It's a heinous attack, it's a shocking attack on a health service, but fundamentally on the patients and the Irish public.”

The battle between hackers, private enterprise and the government has many layers.

Most proponents of a heavy-handed state welcome the opportunity created by crisis to marginalize private autonomy and dig their hands deeper into the private sector.

The question here becomes, can a Democratic Party-led government be trusted to find a balance that does not interfere with the natural order of capitalism?

With additional changes expected at the Cybersecurity and Infrastructure Security Agency (CISA) and the vigilant posture currently seen in Congress, the next several months should go a long way towards answering that question.

Julio Rivera is a small business consultant, political activist, writer, and Editorial Director for Reactionary Times. He has been a regular contributor to Newsmax since 2016. His commentary has also appeared in The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and more. Read Julio Rivera's Reports — More Here.


© 2021 Newsmax. All rights reserved.



Source link

Comments are closed.