The following article, What Changes Are Coming in the Wake of Last Week’s Colonial Pipeline Hearing?, was first published on Flag And Cross.
Last week, the CEO of Colonial Pipeline finally had to answer to lawmakers for the May hack that temporarily halted fuel delivery to the East Coast of the United States. One of the main points of interest was the $4.4 million ransom netted by Russia’s DarkSide Ransomware Gang.
The decision to actually pay the hackers was criticized in many circles, as it is widely accepted that the payout will only encourage more attacks against critical infrastructure in the future. In fact, paying these ransoms in many cases is not only discouraged, but may actually lead to civil penalties for American businesses.
In October of 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a directive stating that violators found to have made payments to groups already under US sanctions could incur civil damages, and noted that, “ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States.”
In regard to last month’s payment to DarkSide, Colonial CEO Joseph Blount admitted to The Wall Street Journal several weeks ago that the uncertainty regarding the fallout from the hack compelled him to authorize the massive payout of $4.4 million.
Blount referenced the OFAC directive in his appearance in Washington last week when he told lawmakers, “I do know that repeatedly throughout the process, the fact of whether DarkSide was on the sanctions list or not was fact-checked repeatedly.”
Last week’s hearing presented a bipartisan message to the private sector that additional oversight of matters related to cybersecurity may be coming. Part of the reason may be the increased cost to the intelligence community to bail out companies like Colonial. In just the past few weeks, the FBI was forced to invest significant time and resources to help the company recover $2.3 million of the $4.4 million paid to DarkSide.
Although last week’s hearing sent a message globally regarding America’s renewed commitment to cybersecurity, the addition of new protective measures was already well under way. In the wake of the Colonial hack, the Department of Homeland Security (DHS) created new guidelines intended to protect American pipeline companies that require them to immediately report any hacking incidents.
These measures may help to improve the cyber response within vital American infrastructure, but what about individual Americans, who make up the vast majority of hacking victims? There are literally thousands of hacking gangs targeting Americans for what is generally considered a much smaller ransom. In some cases, paying the ransom is more trouble than it is worth to most victims, who may simply choose to replace their infected software or hardware. But some of the more experienced ransomware gangs have learned to set their ransom demand in a way that is likelier to produce a payment.
Most of the new attacks cited in the media over the past year have been attributed to members of the STOP/Djvu Ransomware Family. The group seems to produce a new strain almost daily, and each individual infection is identified by a unique four-letter sequence which is appended to infected files. Some of the more prolific strains of the STOP/Djvu ransomware family include the variants Nusm, Pahd, Mppq, Paas and Ehiz, among numerous others.
Since the FBI or DHS may not be swooping in anytime soon to rescue your $500 laptop, the best way to avoid becoming a victim is to maintain offline backups of your files. This would ensure access as long as you can upload them to a new device.
The issue of cybersecurity affects all Americans. But the question here becomes, “can an incompetent government that has made a mess of the economy and border actually be trusted to keep America safe from international hacking attacks?” One way or another, we will find out the answer shortly.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.