Ransomware hits near pre-Colonial Pipeline levels, data suggests

2021-05-18

By Raphael Satter

WASHINGTON (Reuters) - Digital extortion attempts are returning to their pre-Colonial Pipeline levels, according to data and interviews with some incident responders, suggesting that the upheaval around the hack that paralyzed a major U.S. fuel conduit has yet to curb cybercriminals' appetite for ransoms.

Ransomware incidents are usually shrouded in secrecy, with victim companies and criminals alike eager to prevent the eye-watering extortion payments from becoming public. But indirect data suggests that the hack of Colonial Pipeline, which paralyzed the company for nearly a week and led to fuel shortages on the U.S. East Coast, did little or nothing to puncture the thriving industry.

There was a dip in the number of companies whose data was uploaded to ransomware operators' name-and-shame sites in the days following the Colonial intrusion, said Allan Liska, a researcher with cybersecurity firm Recorded Future.

But the sites, which the hackers use to pressure their victims into paying up by leaking reams of sensitive data, are now "back to normal," he said, with 10-15 victims posted daily.

Data privately tracked by ID Ransomware https://id-ransomware.malwarehunterteam.com - a malware identification site run by Emsisoft researcher Michael Gillespie - shows that submissions of malicious software dropped sharply in the days following news of the Colonial hack, only to rise higher than before.

Gillespie's colleague Brett Callow said that one possible explanation for the dip is that some hackers put their operations on pause amid the pipeline chaos and are now clearing the backlog.

"I think the groups got back to business as usual," Callow said.

Other analysts saw no change whatsoever.

"We didn't really notice any uptick or downtick," said Mark Manglicmot of cybersecurity firm Arctic Wolf.

Some ransomware operators, including DarkSide, the group blamed for the intrusion at Colonial, have either disappeared from the web or announced new restrictions, statements that have been met with skepticism from experts.

Manglicmot said he too doubted the disappearances had any real impact.

"There's a big enough market for it that if one provider goes down there are others they can go to pretty quickly," he said. "The attackers remain undeterred by the publicity."

That may in part be due to the extraordinary amounts of money involved. In a blog post (https://www.elliptic.co/blog/darkside-ransomware-has-netted-over-90-million-in-bitcoin) published on Tuesday, digital currency-tracking firm Elliptic said that DarkSide had extracted $90 million worth of bitcoin in ransoms from 47 victims.

Whether Colonial itself paid a ransom has not yet been publicly disclosed. Last week Reuters and other media reported that Colonial was not planning to pay a ransom. But Bloomberg and some other news outlets later reported it had paid nearly $5 million. The reporting was corroborated by Elliptic, which said it had identified the payment itself on the publicly visible ledger of bitcoin transactions.

Repeated attempts by Reuters to reach the hackers have been unsuccessful and Colonial itself has declined comment on whether it paid.

U.S. Representatives Carolyn Maloney and Bennie Thompson, the chairs of the House Committees on Oversight and Reform and Homeland Security respectively, said on Tuesday they were disappointed by Colonial's refusal to discuss the reported ransom.

"In order for Congress to legislate effectively on ransomware, we need this information," the pair said in a joint statement (https://homeland.house.gov/news/press-releases/maloney-thompson-statement-on-staff-briefing-with-colonial-pipeline).

(Reporting by Raphael Satter; editing by Grant McCool)
