US opens debate over cyber ransom payments after pipeline hack
White House says companies ‘face a very difficult situation’ on compensating attackers.
The White House has opened a debate over the merits of companies making ransom payments to cyber attackers after a group of hackers shut down a US oil pipeline over the weekend, highlighting the seriousness of the threat to critical infrastructure.
The Federal Bureau of Investigation has long opposed such payments on the grounds that they will encourage more ransomware attacks, in which hackers take control of a target’s computers or data until their financial demands are met.
Anne Neuberger, US deputy national security adviser for cyber and emerging technologies, said on Monday that the Biden administration was “definitely looking at” its “approach to ransomware actors and ransoms overall”.
“Victims of cyber attacks often face a very difficult situation, and they have to just balance . . . the cost-benefit when they have no choice with regard to paying a ransom,” she said, noting that companies with encrypted data without backups often had difficulty recovering the information after a ransomware attack.
“That is why given the rise in ransomware and given frankly the troubling trend we see often targeting companies who have insurance and may be rich targets, that we need to look thoughtfully at this area,” Neuberger said.
Ransomware hackers on Friday claimed one of their biggest targets yet, shutting down the 5,500-mile Colonial pipeline network that transports petrol, diesel and jet fuel from refineries along the Gulf of Mexico to the Atlantic coast. The system has capacity to supply almost 15 per cent of total US liquid fuel demand.
The FBI on Monday identified DarkSide, an organisation believed to be run from Russia by an experienced team of online criminals, as being “responsible” for compromising the Colonial pipeline networks.
“Currently we assess DarkSide as a criminal actor but of course, our intelligence community is looking for any ties to any nation-state actors,” Neuberger told reporters.
The Colonial Pipeline Company, backed by a group of investors including private equity group KKR and the Koch Industries conglomerate, said it would restore most service by the end of the week while it worked with shippers to find other ways to transport fuels.
The interruption left Gulf coast refineries without an outlet, forcing them to cut production by up to 500,000 barrels a day, according to an oil industry expert. Some refiners, including New York-listed Valero, were seeking to park fuels on vessels, said S&P Global Platts. Valero did not respond to a request for comment.
The Colonial pipeline company turned down the federal government’s offer to help restore its systems, Neuberger said. The White House had not offered any “further advice” to Colonial about whether to make a ransom payment, she added.
James Lewis, a cyber security expert at the Center for Strategic and International Studies, said pipelines were flagged as a potential cyber security risk a decade ago, adding that the comments from the White House on ransom payments were an “admission of reality”.
US gasoline markets did not respond much to the outage, with futures for June delivery rising just 0.3 per cent to settle at $2.13 a gallon on Monday.
However, if the pipeline was not quickly returned to service, more severe price moves could follow, analysts said.
“If the consumers panic, then you may see prices really strengthened over the next few days,” said Alan Gelder, vice-president of refining and chemicals at Wood Mackenzie. “A lot will depend, I suspect, on the US evening news.”
There has been a proliferation of ransomware attacks in recent years as it has become an increasingly lucrative criminal enterprise, with ransom demands to victims averaging about $100,000, according to the US Department of Justice. Many criminals operate out of jurisdictions such as Russia where they are unlikely to be prosecuted by authorities.
Insurers have also been blamed for encouraging companies to pay out, by offering reimbursements for extortion payouts. On Monday, global insurance group AXA said it would stop writing cyber policies that reimburse payments for its French customers, in the wake of the criticism.
Written by: James Politi, Katrina Manson, Derek Brower, Myles McCormick and Hannah Murphy
© Financial Times
Source: Read Full Article