Colonial eventually paid the extortionists, a group known as DarkSide, nearly $5 million in Bitcoin.

The FBI has since recovered roughly half of the ransom.

Colonial confirmed the attack and thanked the FBI for its efforts in a statement.

Why is ransomware on the rise?


So in some respects, the attacks against Colonial Pipeline and JBS are nothing new.

Thousands of companies are targeted by ransomware each year, and many end up paying to recover their data.

Organizations can't stick their heads in the sand and hope this is going away.

They need to invest and start taking this seriously.

Is Ransomware on the Rise?

Certainly, the companies that make money from selling cybersecurity services report a rise in ransomware.

The cybersecurity firm SonicWall detected more than 304 million attempted ransomware attacks in 2020, a 62 percent increase over 2019.

CrowdStrike monitors organized criminal groups that are more intentional in selecting their targets, what the company calls "big game hunters."

In 2020, the firm recorded at least 1,377 big game hunter infections.

There's no comprehensive data source for ransomware attacks.

The FBI requests that organizations affected by ransomware report incidents so that the agency can better piece together trends.

The agency's numbers actually show a decline in incidents but a rapid rise in damages.

Why Is Ransomware on the Rise?

The pandemic certainly increased many organizations' vulnerability to ransomware, experts said.

The Babuk ransomware group recently targeted Washington, D.C.'s Metropolitan Police Department with this kind of attack.

The more ransoms get paid, the more likely ransomware attacks become.

The second major change is the emergence of ransomware as a service, or RaaS.

"[RaaS] really lowers the barrier of entry into this business," Ayrapetov said.

It's a natural kind of evolution of a business model, and you get more scale that way.

As this scales, there are more players who might be more reckless.

What Can Be Done?

Cybersecurity experts say the solutions are widely known; they're just not widely implemented.

The Government Accountability Office reported that the percentage of companies paying for cyber insurance nearly doubled from 2016 to 2020.

Paying the ransom will lead to nothing more than more attacks on our critical infrastructure.

This article by Todd Feathers was originally published on The Markup and was republished under the Creative Commons Attribution-NonCommercial-NoDerivatives license.
