Ransomware attacks have grown in both scope and sophistication in the last year, Deputy Attorney General Lisa Monaco said Monday, calling it an “epidemic.”
“I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,” he told The Wall Street Journal.
The FBI and Department of Homeland Security recommend against paying ransom because of the potential to encourage additional attacks. Payment also does not guarantee that a victim’s files will be recovered.
In the case of Colonial, it appears the company’s notification to the FBI helped investigators track down and seize approximately $2.3 million in Bitcoins that had been paid to the criminal group — a rare outcome for a company that has fallen victim to ransomware.
Blount is scheduled to address lawmakers twice this week, where he will likely be questioned about the payment decision, as well as the cyber security standards the pipeline had in place prior to the attack.
Over the weekend, Energy Secretary Jennifer Granholm said she would be open to a law that bans the payment of ransom, but she said it’s unclear if Congress or President Joe Biden agree.
“I think that we need to send this strong message that paying a ransomware only exacerbates and accelerates this problem,” she told NBC’s “Meet the Press.”
The password had been linked to a disused virtual private networking account used for remote access, and the account was not guarded by an extra layer of security known as multi-factor authentication, the cybersecurity firm hired by Colonial confirmed to CNN.
It is still unclear how the attackers obtained the compromised credential.
US authorities later said that while the attack compromised Colonial’s IT systems, there was no evidence that its operational systems had been affected.
The cyberattack on Colonial exposed how ransomware, which is primarily a criminal, profit-driven enterprise, “can rise to the level of posing a national security risk and disrupt national critical functions,” a DHS official said when the directive was announced.
CNN’s Evan Perez, Zachary Cohen, Alex Marquardt and Brian Fung contributed to this story.Source link