Just saw on the news that the pipeline company paid the hackers 5 million bucks the day after the hack. They did this even before they reported the event to the authorities.
As it turns out, the ass-clowns who didn't airgap their corporate from Ops network, caved-in and paid up from day one, and still could not decrypt their file systems: "after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves. "
https://www.bbc.com/news/business-57112371https://www.bloomberg.com/news/arti...eline-paid-hackers-nearly-5-million-in-ransom
Here are the folks in charge of this fiasco. Colonial CIO has been named "CIO of the Year by Georgia CIO Leadership Association", and has Bachelor of Arts and Master of Education degrees. Might have been a half-decent school teacher.
https://www.colpipe.com/about-us/our-company/executive-team
Another gutless American company.
Technically, Colonial Pipeline is a private company, and they can do whatever they want.
However, their ineptness has significant social and economic externalities to the entire country, way beyond the net worth of the company's balance sheet.
Reminder: it is not the FBI's job to prevent you from:
- leaving all your doors wide open when you go on vacation
- keeping gold bars in plain sight in your passenger seat
- storing your cash in a barrel on the lawn
Therein lies the problem - folks intuitively "get" and "relate to" locking doors, building fences, installing security cameras, paying for the security guards at the front gate. They can
<see> the output of that expenditures with their eyes, and observe when some elements of physical security are getting neglected or become ineffective. And even then, many still find ways to screw that up.
Network/IT security is harder to observe with a naked eye, and thus harder to appreciate, and monitor. But if your corporate or personal hard-drives get encrypted and rendered unusable, the impact is far greater than some vagrant wondering in and steeling gear from your work equipment shack, or home garage.
Unless you detonated a single nuke in low-Earth orbit.
Too dramatic.
We now live in a world where dumb criminals hold-up banks and gas stations to score a few grand at a time, then usually get caught.
Smart criminals surreptitiously encrypt your hard dries and hold-up companies for ransom a few Million $$ at a time. Then usually get to do it again, and sell their tools to others to do more of the same.
a