Colonial Pipeline pays hackers, and then doesn't even use the decryption key.

Colonial Pipeline – The Perfect Example of Why Not to Pay

You’ve heard about it. The pipeline that was hit with ransomware, causing a major fuel shortage across the east coast. You also likely heard they paid the hacker’s demands. However, did you hear the rest of the Colonial Pipeline story?

The End of the Colonial Pipeline Story

Colonial Pipeline paid the ransom demands, after publicly saying they would not. They sent the hackers $5 million and received a decryption key. However, the restoration process using the $5 million decryption key was painfully slow. So much, in fact, that it was faster to restore their network using company backups. So, they did. I’ll give you a second to let that sink in.

Yes, they paid millions of dollars to get a decryption key to restore the files that the ransomware infection corrupted, only to restore them using their own backups because the hacker’s restoration methods were too slow. Wow.

Why You Shouldn’t Pay

We have been preaching for years, not to pay ransom demands. There are many reasons not to pay. First, they are cyber criminals, and there are no promises that they will deliver on their end of the bargain. Second, by paying once they believe you will pay again. Therefore, you now have a larger target on your back. Third, the restoration process using a decryption key can be quite slow.

If your organization has updated backups that have not been compromised, it is in your best interest to restore using those files. Understandably, there is no quick fix when it comes to restoring networks after a cyber attack. It will take time, and the process should not be expedited. It is incredibly important to be concise and through during the entire process. There really wouldn’t be anything worse than rushing through the reconnection process just to get servers and endpoints online too quickly and have traces of the ransomware still installed on the devices.

Threat Prevention Tips

Cyber criminals are sending phishing emails daily, hoping for a few careless clicks to infiltrate their victims. With over 90% of cyber attacks occurring as a result of human error, it is key organizations use a zero-trust methodology to keep their networks secure. By using this approach, higher levels of controls are implemented, including application whitelisting. Application whitelisting allows only tested and proven safe applications to run on the network. Therefore, no matter how many times employees mistakenly click on a malicious link, attachment, or download — it will not run because it is not tested and shown as secure.

We can’t always control the human element of cybersecurity; but, by implementing enhanced security measures like zero-trust, we can substantially reduce the risk.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles