compromise! U.S. "Youtube" Has Paid 75 Bitcoins to Hackers as Ransom
本文约3027字,阅读全文需要约12分钟
On May 7, US time, Colonial Pipeline, the largest local oil pipeline company, was hacked, and an important oil pipeline on the east coast was forced to shut down on the same day
Photo via: Francois Picard/Agence France-Presse/Getty InagesOn May 7, US time, Colonial Pipeline, the largest local oil pipeline company, was hacked. An important oil pipeline on the East Coast was forced to shut down on the same day, and a large amount of fuel was trapped in a refinery in Texas.Colonial Pipeline's oil pipeline system provides 45% of the fuel on the east coast of the United States. In addition, Colonial Pipeline also provides refined petroleum products such as gasoline, diesel, and jet fuel to the U.S. military.In a statement from Colonial Pipeline stating that they were confident of the ransomware attack, "We determined that the incident involved ransomware. In response, we proactively took some systems offline to contain the threat, and the attack temporarily halted all pipeline operations." And affected some of our IT systems."The FBI accused the hacking group DarkSide of being behind the Colonial Pipeline incident.According to reports, DarkSide is a newly established hacker group with a strong organization. Investigators believe that they are most likely composed of senior hackers and have attacked dozens of companies in recent months. DarkSide stated on its website on the dark web that they have earned millions of dollars through extortion, and claimed that they have successfully invaded the network systems of more than 80 European and American companies.The Bureau of Investigation alleged that the organization that produced the Colonial Pipeline incident ransomware paid through anonymously traded Bitcoin, and DarkSide also used the anonymity software Tor to hide its server location, which prevented investigators from obtaining valid information that could be used as evidence. However, security researchers say DarkSide, likely based in Eastern Europe, is recruiting "alliances" with access to victim networks through hacker online forums.The developers of DarkSide declined to comment for this story. In the "News" section of the group's website, they deny responsibility for the Colonial Pipeline incident and blame an affiliated organization. DarkSide stated that they will intervene more in the attack targets that the affiliated organizations want to "avoid future social impact."Although the FBI has been reminding the extorted company not to pay the ransom for years so as not to encourage hackers, according to YAHOO NEWS, Colonial Pipeline paid Darkside 75 bitcoins as a ransom on the day of the incident.(YAHOO NEWS cites reports from Bloomberg, The New York Times and The Wall Street Journal)Undoubtedly, this news contradicts media reports earlier this week that the company has no intention of paying the ransom. It is said that the hackers provided decryption tools after receiving the ransom, but the entire decryption process was very slow, so Colonial Pipeline had to continue to use the backup to restore the system. On May 13, Colonial Pipeline announced that it had resumed operations.But several governors have declared states of emergency in response to the crisis as the shutdowns have disrupted fuel deliveries and prompted episodes of panic buying.At present, millions of people in the United States work and study remotely. Security researchers believe that this gives hackers more opportunities to carry out cyber attacks, and it also makes the scale of cyber attacks larger and larger. Moreover, those enterprise or institutional networks without security protection are more likely to be illegally invaded.While there is no official clearinghouse for tracking software ransomware, the FBI received nearly 2,500 such case reports in 2020, a 66% increase from 2019.Based on the anonymity of the dark web, hackers have long been proficient in exchanging network vulnerabilities on it. The anonymity of cryptocurrency payments, which limits law enforcement’s ability to track them down, and the proliferation of insurance policies that cover ransomware payments have, in part, spawned an increasingly professional ransomware industry."Ransomware is exploding because it's scalable, predictable, and profitable. If that's not a business model, I don't know what is," said a professional in the business of cyber, privacy, and data innovation.Blockchain analysis firm Chainalysis said that because both criminals and victims want to keep cyberattacks secret, it is difficult to obtain precise data on attacks. But what is known is that ransomware victims paid hackers at least $350 million worth of cryptocurrency in 2020, a fourfold increase from 2019. Security experts and cybersecurity officials estimate that cyberattacks cost the U.S. economy billions of dollars a year.The FBI has been warning companies not to pay ransoms to hackers for years as ransomware has become a business model, but cybersecurity firm Bitdefender says at least half of its victims still pay.The reason is that the ransomware will encrypt the contents of the victim's computer, and the hacker promises that receiving the ransom will give the victim a decryption key to unlock the hacked system. Most victims pay the ransom due to failure to do system backups, or the enormous amount of work required to restore hundreds of computers.As a result, companies that back up their network systems tend to be the least vulnerable because they are not under pressure to pay the ransom. But for most companies, the upfront cost of preventing a potential crisis that might strike at any time is too high.
Schools, law firms, local governments, airports and law enforcement agencies have also been attacked in the past year.In September 2020, a hack cost hospital chain United Health Services $67 million in pre-tax losses. A month later, a ransomware group attacked dozens of hospitals simultaneously and on a large scale.Also in 2020, the Sheldon Independent School District in Houston was hacked, rendering its systems inoperable and affecting payroll. To restore normal operations, the school district paid $206,931 in ransom after negotiating with the hackers, compared with the original ransom of $350,000.“We are on the cusp of a global digital deluge driven by greed, vulnerability and digital ecosystem and expanding criminal enterprise."Possibility of being blackmailed by software in different fields
Data sources: Sophos State of Ransomware 2021 report (industries, impact); FBI Internet Crime Complaint Center (complaints, loss)
image description
Graphics: Siemond Chan/ The Wall Street JournalTypically, ransomware groups attack the victim's business-critical efforts and demand a ransom to restore business. But in recent years, ransomware groups have also changed "with the times", and they have begun to threaten to release the files obtained from victims.To apply pressure, ransomware gangs now notify employees and even partners of the victimized companies after a cyber attack, said Sherri Davidoff, chief executive of security consultancy LMG Securiy. DarkSide said it was willing to sell information stolen from victims to short sellers if the victims refused to pay.image description
Photo via: Nicholas Kamm/Agence France-Presse/Getty ImagesIn an interview last month, John Carlin, a senior Justice Department official, said ransomware has increased the success rate of criminal hackers' operations and enabled them to demand more and more money from their victims, reaching tens of millions of dollars. , and reinvesting those funds in the development of new tools and services to enable more and better attacks, "there's a vicious cycle where the more money they extort, the more money they have to upgrade their equipment, we have to find a way to break that cycle."
