Colonial Pipeline attack: Don’t expect ransom payments to be recovered for everyone

by Tech Reporter
11th Jun 21 8:39 am

FBI retrieving funds is a positive step, but organisations must still focus on protecting themselves as a priority.

In recent days, the FBI announced it has recovered $4.4 million in ransom payments from hacking group DarkSide, following the ransomware attack on the Colonial Pipeline. While it is good to see authorities scoring a victory over hackers, this doesn’t mean businesses can immediately rely on such help every time they experience a similar attack. Instead, they should continue focusing on protecting themselves. This is according to disaster recovery and business continuity expert Databarracks.

Peter Groucutt, Managing Director at Databarracks, said: “For the first time, things are really starting to happen in terms of putting a dent in ransomware. Retrieving the ransom money was one major development, but we’re also seeing movement in all other areas recently recommended by the Ransomware Task Force (RTF).

“For example, President Joe Biden is set to speak to Russian counterpart Vladimir Putin about doing more to tackle Russia-linked cybercriminals. This aligns with the RTF’s demand that governments ‘exert pressure on nations which are complicit, or refuse to take action against domestic ransomware groups’.

“There are also steps being taken by global government agencies – such as the Securities and Exchange Commission in the US and the Financial Conduct Authority in the UK – to increase regulation of cryptocurrency services.

“These interventions by authorities are still new so it’ll take a while for them to become properly established. There’s also no guarantee the highest echelons of law enforcement will come to your aid if ransomware strikes, so it’s dangerous to rely on it as a way out.

“The priority, therefore, is for organisations to shore up their own defences, while educating employees on the risks and how to spot suspicious emails or messages. All companies should have reliable backups to enable data recovery, and a Cyber Incident Response Plan detailing how to isolate, contain, remediate and bring systems back online. Organisations should also be ready to upskill if an attack hits, by either recruiting new people or engaging with external providers.”

Groucutt concluded: “We’re entering a new phase of the war against ransomware. It’s evolving from a frantic cat-and-mouse game into more of a chess-like situation, where a new level of cunning is needed both to carry out attacks and mitigate their impact. Governments and law enforcement have made some inroads, but now isn’t the time for organisations to sit back. In any attack, the first line of defence is the most important.”
