Colonial Pipeline pays ransom; Ireland's health service denies payment: 4 concerns about paying hackers

Listen

It may be tempting to pay a ransom during a cyberattack to make the problem disappear — but cybersecurity experts warn doing so only exacerbates the problem, according to a May 16 article by The Hill.

Colonial Pipeline provides 45 percent of the East Coast's fuel. After a data breach disrupted its operations, the company was under pressure to resume services. It reportedly paid a $5 million ransom to the cybergang that shut it down, although the company has not confirmed or denied it. If it didn't pay the ransom, it may have taken longer to restart the pipeline, according to The Hill.

A ransomware attack on Ireland's national health service took its IT systems offline and disrupted patients' ability to seek care. Ireland's prime minister, Micheál Martin, asserted that ransom would not be paid but is being dealt with in a way that is in accordance with guidelines from cybersecurity experts.

As ransomware attacks have spiked during the COVID-19 pandemic, cybersecurity experts warn that paying cybergangs ransom only makes the problem worse.

Four concerns surrounding paying cyberattackers:

  1. Cybergangs rely on ransom payments to keep their operations going. Paying ransomware operators feeds their business model and keeps a perpetual cycle of attacks. It also makes ransom-payers active investors in criminal activities.

  2. Refusing to pay is often much more expensive than the ransom demanded. For example, the city of Baltimore was hit by an attack in 2019, which kept the system offline for weeks. Hackers demanded about $80,000 to unlock the city's system. The city ended up spending about $18 million to recover the system.

  3. The decision to pay or not to pay can have reputational risks. Funding crime is often viewed negatively, but it can also prevent added attention to the issue.

  4. Ransom-payers often have to trust that criminals are going to hold up their end of the deal. Some cybergangs are known to exploit ransom-payers in future attacks. The decryption purchase may also not even work to unlock the system.

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Whitepapers

Featured Webinars