(Reuters) – Digital extortion attempts have returned to pre-Colonial levels, according to data and interviews with some respondents, suggesting that the upheaval around the hack that paralyzed a major US fuel line has not yet limited cybercriminals' appetite for ransom.
Ransomware incidents are usually shrouded in secrecy, with victims and criminals anxious to prevent the eye-watering extortion payments from becoming public. But indirect data suggest that global publicity surrounding the hack of the Colonial Pipeline, which paralyzed the company for nearly a week and led to fuel shortages on the east coast of the United States, did little or nothing to puncture the booming industry.
There was a dip in the number of companies whose data was uploaded to the ransomware operators' name-and-shame websites in the days after the Colonial intrusion, says Allan Liska, a researcher at the cyber security company Recorded Future.
But the sites, which hackers use to force their victims to pay by leaking sensitive data, are now "back to normal," he said, with 1
Data privately tracked by ID Ransomware, a ransomware identification site run by Emsisoft researcher Michael Gillespie, shows that ransomware submissions fell sharply in the days following the news of the Colonial hack, only to rise higher than before.
Mr. Gillespie's colleague Brett Callow said that a possible explanation for the dip is that some hackers put their business on pause amid the pipeline chaos and are now clearing the backlog.
"I think the groups started working as usual," Mr. Callow said.
Another possible explanation is that it was a period of confusion because underground forums banned advertising for ransomware partnerships, said David Nides of the consulting firm KPMG.
"The threat actors adjusted quickly," he said.
Other analysts saw no change at all.
"We did not really notice any ups or downs," says Mark Manglicmot of cybersecurity company Arctic Wolf.
Some ransomware operators, including DarkSide, the group blamed for the Colonial intrusion, have either disappeared from the web or announced new restrictions, statements that have been met with skepticism from experts.
Mr. Manglicmot said he also doubted that the disappearances had any real impact.
"There is a large enough market that if one supplier goes down there are others they can go to pretty quickly," he said. "The attackers remain unafraid of the publicity."
This may be due in part to the extraordinary sums of money involved. In a blog post published on Tuesday, the digital currency tracking company Elliptic said that DarkSide had withdrawn $90 million in ransom from 47 victims.
Whether Colonial itself paid a ransom has not yet been announced. Last week, Reuters and other media reported that Colonial did not plan to pay a ransom. But Bloomberg and some other news outlets later reported that it had paid nearly $5 million. The report was confirmed by Elliptic, which said it had identified the payment itself on the publicly visible ledger for bitcoin transactions.
Repeated attempts by Reuters to reach the hackers have failed and Colonial itself has declined to comment on whether it paid.
US Representatives Carolyn Maloney and Bennie Thompson, chairs of the House Committees on Oversight and Reform and on Homeland Security, said on Tuesday that they were disappointed with Colonial's refusal to discuss the reported ransom. "We need this information," the pair said in a joint statement.