Cybersecurity

Pipeline Hack Exposes Brutal Vise of Cyber-Era Extortion Schemes

  • Company declines to say whether it’s negotiating with hackers
  • Path to restoring services weighed against cost of leaked data
Photographer: Luke Sharrett/Bloomberg

The attack that hit Colonial Pipeline last week is a novel form of cybercrime that puts normally staid corporate entities in the vise of an old-school extortion scheme, one in which a company’s balance sheet, insurance status and capacity to absorb the pain of a lengthy operational shutdown may all come into play.

The attackers, specialists in a type of hack called ransomware, penetrated the company’s administrative network and locked employees out of company computers, forcing the unexpected shutdown of the Eastern Seaboard’s main supply source of diesel, gasoline and jet fuel.

Colonial is getting help from private cybersecurity experts, but the company is largely alone in facing a barrage of unenviable choices -- not the least of which is whether to negotiate with the hackers and pay the ransom, according to security experts and veteran negotiators.

Colonial’s executives – as well as much of the country – are now getting a brutal lesson in the efficiencies of ransomware and the fact that the hackers hold most of the key advantages. Some ransomware groups, including DarkSide, the group that is suspected of breaching Colonial, now make it a regular practice to lock up a victim’s data and steal it, too, threatening to make it public as part of the extortion demand.