
To pay or not to pay? The dilemma for ransomware victims

Dozens of US companies, towns and institutions have been the subject of ransomware hacking attacks./AFP

May 13, 2021 - 09:13 AM

WASHINGTON — Last year, a northwestern US county paid $300,000 to recover data locked by hackers, opting like many victims to pay the ransom despite experts advising against it — the same dilemma which has recently faced fuel behemoth Colonial Pipeline.

“We had no phones, and no internet, and no computer system,” former Tillamook county commissioner Bill Baertlein said during an online seminar.

Authorities had studied the system to see if it could be unlocked without paying, but “we determined that we probably could not fix it.”

Colonial found itself in a similar quandary, after a ransomware attack Friday forced the company — which operates the largest fuel conduit system in the United States — to shut down its entire network.

In Tillamook, a rural county near Portland, Oregon known for its cheese, negotiations with the hackers — who Baertlein said were from Russia — took two weeks. The city finally paid up, with the help of a computer security company.

“Our belief (is) that it only happens to someone else,” said Baertlein. “Well, it happened to us, and I think it can happen to anybody.”

In total, the whole situation cost Tillamook $525,000 — but that’s still less than the $1 million it would have cost the county of 26,000 people to redo the entire system, an operation that would have taken between one and two years, according to Baertlein.

Just four months after the Tillamook affair, the University of Utah paid nearly $460,000 to recover the private data of its students and staff, also locked by hackers.

The Salt Lake City institution later acknowledged there was “risk” associated with paying, particularly “uncertainty that the threat actor will adhere to negotiated terms.”

Hackers will sometimes leak part of the locked data in order to pressure their victims.

That’s what happened Tuesday to the Washington police department, which was the victim of an attack by the Babuk cybercrime group.

Specializing in extorting funds, the group recently seized administrative and personnel files from the US capital’s police.

The hackers, dissatisfied with the negotiations, then released the encrypted files of about 20 officers, a police spokeswoman said.

“The negotiations reached a dead end, the amount we were offered does not suit us,” Babuk told the police, threatening to reveal all of the stolen files with their decoding key.

Cost-benefit ratio 

The files contain psychological evaluations, professional interviews, social security numbers, addresses and personal phone numbers, or officers’ electronic signatures, according to specialized news outlets.

All data that could be used by other cybercriminals.

Other attacks on critical infrastructure for the country could have economic implications, as with Colonial Pipeline.

Last week’s hacking of Colonial, which sends gasoline and jet fuel from Texas’s Gulf Coast to the populous east coast, caused thousands of motorists to panic and rush to gas stations, resulting in gasoline shortages in several regions.

It began to reopen Wednesday, warning it would take “several days” before things returned to normal. It was not clear if the company had paid any ransom, with the Washington Post reporting that it had no plans to do so, and instead was working with a cybersecurity firm.

The US government is reluctant to give instructions to companies calling on them to strengthen their security systems.

“They have to just balance off, in the cost-benefit, when they have no choice with regard to paying a ransom,” Anne Neuberger, a cyber specialist on the US National Security Council, said Monday.

Colonial Pipeline is a private company, and President Joe Biden’s administration “has not offered further advice” on how to proceed, she said.

Still, federal law enforcement and some experts advise against paying a ransom.

Not only is there no guarantee of recovering the data, paying “also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI says on its webpage dedicated to data theft.

According to Danish IT security company Heimdal, half of all hacking victims never get their data back. And even if they do, there’s no guarantee the information hasn’t already been resold on the dark web.

Additionally, for US companies, paying a ransom could be illegal in some situations, Heimdal points out.

In October 2020, the Treasury Department’s Office of Foreign Assets Control indicated that entities that paid a ransom could be investigated and fined, even if they went through an intermediary such as an insurance company, for funding a criminal group subject to Washington sanctions.
