2021-05-13
Colonial Pipeline paid $5M in ransom to get a janky decryption key so slow they had to resort to system backups anyway
Original [TotalFark]
‘’ 50 minutes ago  
Original Tweet:
 
NotCodger [TotalFark] [OhFark]
‘’ 34 minutes ago  
Wait. They had backups available, but didn't use them right away? Were they on floppy disks?
 
question_dj [TotalFark]
‘’ 31 minutes ago  

NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?


They would have had to have submitted a ticket to the Backup and Restoral group, and man, submitting forms is hard! They would have had to have known stuff about things, and that's just a huge hassle.

It's way easier to do things wrong the first time, than to do them right, because goddamn it, you'll have to fill out a form.
 
OptionC [TotalFark]
‘’ 30 minutes ago  
Paying a ransom should be illegal - it does nothing but encourage the next attack
 
I am Tom Joad's Complete Lack of Surprise [TotalFark] [OhFark]
‘’ 29 minutes ago  
Such payouts should be FLAT OUT ILLEGAL, with a five year stint in the Pen for the CEO, and if the entity is essential to infrastructure, control of the company turned over to FedGov and all C-suite execs fired with zero payouts of any kind.

Send a farking message.
 
NewportBarGuy [TotalFark] [OhFark]
‘’ 29 minutes ago  
GOOD! Sometimes paying the bribe is worth it when you have half of the country's entire economy on the line. Now fine the sh*t out of them and force them to update their goddamn systems!
 
Driedsponge [TotalFark] [OhFark]
‘’ 23 minutes ago  

NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?


This is going to be like the Texas Power fiasco.  Every day new things will come to light that will make you say "WTF?!" even harder than you did the day before, and even when we get every remaining detail, none of it will help to exonerate anyone in the decision tree in any way.
 
sniderman
‘’ 20 minutes ago  

NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?


[Fark user image]
 
Prank Call of Cthulhu
‘’ 20 minutes ago  
to Eastern European hackers

That's a weird way to spell "Russians".
 
tricycleracer
‘’ 19 minutes ago  

NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?


They were CTAM backups and there's a gas shortage.
 
Russ1642 [BareFark]
‘’ 18 minutes ago  
They should be fined a further $10M for supplying funds to terrorists.
 
Keyser_Soze_Death
‘’ 18 minutes ago  
They should have shot the hostage.
 
scotchcrotch
‘’ 18 minutes ago  
Thanks for funding (and broadcasting to the world) the next attack.
 
IRestoreFurniture
‘’ 18 minutes ago  
While I've been in the business long enough to know that management can sometimes make it very hard to impossible to achieve your ideal IT goals, for a threat this well known (and well known how to mitigate even with limited resources) to have done this to your vital infrastructure, your entire incompetent IT team should be fired, or any managers who no'd their proposals.
 
XSV
‘’ 18 minutes ago  
CSB:

Company I previously worked for had our internal systems hit by ransomware.  We ended up spending about $40k ransom after being down for 3 days while our IT couldn't figure out if our backups were compromised or not.

So our development group got turned into the decrypting group, as developers went around and ran the decryption on everyone's machine. Funny thing was, we had to call the support number that had been provided when we paid the ransom, and the folks we got hit by were actually very helpful in solving any issues we ran into with the decryption process they had.

/CSB
 
American-Irish eyes
‘’ 18 minutes ago  

I am Tom Joad's Complete Lack of Surprise: Such payouts should be FLAT OUT ILLEGAL, with a five year stint in the Pen for the CEO, and if the entity is essential to infrastructure, control of the company turned over to FedGov and all C-suite execs fired with zero payouts of any kind.

Send a farking message.


Totally in agreement until you stated the company should be nationalized.  Nationalizing the company will only lead to greater issues in the long run.
 
169th Cousin [recently expired TotalFark]
‘’ 16 minutes ago  
[Fark user image]
 
Shotgun Justice
‘’ 16 minutes ago  
And those savings will be passed on to our valued customers....

/dumbasses
 
i state your name
‘’ 16 minutes ago  

Driedsponge: NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?

This is going to be like the Texas Power fiasco.  Every day new things will come to light that will make you say "WTF?!" even harder than you did the day before, and even when we get every remaining detail, none of it will help to exonerate anyone in the decision tree in any way.


Tada! Capitalism!
/Alternatively: The Aristocrats!
 
stuhayes2010
‘’ 16 minutes ago  
What I know about this comes from TV, so it's probably wrong. But could the backups be infected too? According to CSI, these groups infect and wait 6 months so the backups have backups of the virus.
 
steklo
‘’ 14 minutes ago  
I work in IT.

I know a lot of law firms that got ransomware attacked over the years and in all cases, they paid up. Just this month one of our clients got it twice!!!

But my gripe is that Darkstar said they can't be prosecuted because "we do it for the money"

so what I want to know is, if I rob a bank and the police arrest me, I can say, "I did it for the money?" and they would let me go?
 
Ghost Roach [BareFark] [OhFark]
‘’ 14 minutes ago  

169th Cousin: [Fark user image image 850x478]


For all the times I've seen this, I haven't asked: wouldn't the gas start to soften/dissolve the bags after a period of time?
 
MusicMakeMyHeadPound [TotalFark] [OhFark]
‘’ 13 minutes ago  
Why, oh why, haven't I turned to a life of crime?
 
hobnail [TotalFark]
‘’ 13 minutes ago  

MusicMakeMyHeadPound: Why, oh why, haven't I turned to a life of crime?


Lack of initiative?
 
rudemix [TotalFark] [OhFark]
‘’ 13 minutes ago  
This technical jargon is all too much for me. Can someone tell me if I still need to fill the trunk of my car with Walmart grocery bags full of gas? I was pondering buying a kiddie wading pool and strapping it to my car roof and filling that also. Do I still need to?
 
H31N0US
‘’ 13 minutes ago  
I inherited a PC at a new job a couple years ago that had GandCrab. IT just unplugged it and smashed it (figuratively), and ordered new PCs for me and the dozen or so other affected people.
 
Ghost Roach [BareFark] [OhFark]
‘’ 12 minutes ago  

steklo: I work in IT.

I know a lot of law firms that got ransomware attacked over the years and in all cases, they paid up. Just this month one of our clients got it twice!!!

But my gripe is that Darkstar said they can't be prosecuted because "we do it for the money"

so what I want to know is, if I rob a bank and the police arrest me, I can say, "I did it for the money?" and they would let me go?


If you can figure out a way to rob a bank without weapons, or threats of violence ...
 
MusicMakeMyHeadPound [TotalFark] [OhFark]
‘’ 12 minutes ago  

hobnail: MusicMakeMyHeadPound: Why, oh why, haven't I turned to a life of crime?

Lack of initiative?


:(   Yeah.
 
IRestoreFurniture
‘’ 12 minutes ago  

Ghost Roach: 169th Cousin: [Fark user image image 850x478]

For all the times I've seen this, I haven't asked: wouldn't the gas start to soften/dissolve the bags after a period of time?


Fairly rapidly I think.
 
WilderKWight
‘’ 12 minutes ago  
Oh, you mean greedy farkers were so penny-wise and dollar-foolish that they avoided updating systems to save money until they were compromised, and then had to pay a ransom (thus encouraging future attacks) to fix what their previous short-sightedness caused, and then still ended up using backups because their previous short-sightedness meant their systems were too slow to be fixed in decent time anyway?

Yeah. Sounds like every robber baron, ever. So tight-fisted that they can't be bothered to spend anything to improve their own company (or the quality of life for their employees or customers) if it doesn't immediately and directly put money in their pocket so they can continue living like a corpulent money-sponge with a spray tan.

And people wonder why Michigan's so pissed off at the greedy, short-sighted corporate farkers running a decrepit pipeline they failed to upgrade or repair properly, through our lake right near one of our tourism hot spots, in the water that we use for our municipal supplies across the state? Oh, and FARK YOU Ohio politicians for whining about the pipeline possibly costing your constituents oil company jobs. If you want those jobs so bad (and we know you really don't; You're just taking the boilerplate conservative position), have them run the pipeline down around the lakes, through your major cities and water supplies. I'm sure nobody would notice if Toledo suffered from an oil spill or fire.
 
Harry Freakstorm [TotalFark]
‘’ 12 minutes ago  
Uh, no.  Colonial Pipeline's customers paid 5 million in ransom.

Colonial to Distributors:  Here's your bill:  $$
Distributor to gas stations:  Here's your bill:  $$$
Gas station to customers: Here's your bill:$$$$
 
hobnail [TotalFark]
‘’ 11 minutes ago  

XSV: CSB:

Company I previously worked for had our internal systems hit by ransomware.  We ended up spending about $40k ransom after being down for 3 days while our IT couldn't figure out if our backups were compromised or not.

So our development group, got turned into the decrypting group, as developers went around and ran the decryption on everyone's machine.  Funny thing was, we had to call the support number that had been provided when we paid the ransom, and the folks we got hit by were actually very helpful in solving any issues we ran into with the decryption process they had.

/CSB


So, this may be a dumb question on my part, but what confidence do you have that once you decrypt that you're not compromised in some other way?
 
Inebriated Bolshevik Muppet
‘’ 10 minutes ago  

OptionC: Paying a ransom should be illegal - it does nothing but encourage the next attack


Actually, this just got those hackers targeted. If the payments don't result in a positive outcome for the ransom paid, there's literally no reason to pay the ransom anymore.

This just illustrated that paying the ransom is literally just throwing your money away. If that hacker group isn't dead before the end of the week I'll be surprised, they just cost an EXTREMELY lucrative avenue of income for a few extremely dangerous people.
 
TofuTheAlmighty [BareFark]
‘’ 10 minutes ago  

XSV: Funny thing was, we had to call the support number that had been provided when we paid the ransom, and the folks we got hit by were actually very helpful in solving any issues we ran into with the decryption process they had.


Providing support after the fact is, astonishingly, fairly common among ransomware attackers. At least, among the few who don't metaphorically shoot their hostages.
 
BeansNfranks
‘’ 10 minutes ago  
I still don't understand why these things weren't fixed within hours. Seriously. Your entire company's inventory, in the magnitude of tens of millions of dollars (or dramatically more), is stuck in this pipe. How do you NOT have a backup plan for an emergency shutdown?

I'm going with laziness. Not because I know how these things work in the gas/oil process, but because 99% of the time when things need to get done, it simply doesn't, because people are either lazy, inept, or both. Every time. Every farking time.

Just do it. Just get it the fark done. Pick up your lazy farking ass, and just get it going.
 
thehobbes [TotalFark]
‘’ 10 minutes ago  
.. why is infrastructure not air gapped?
 
IRestoreFurniture
‘’ 9 minutes ago  

scotchcrotch: Thanks for funding (and broadcasting to the world) the next attack.


This.


This is a very well known and understood threat that has been around for close to a decade.

If you don't take the minimal required steps to guard against this you shouldn't be in business. And you surely shouldn't be in the infrastructure business.
 
Fingerware Error [TotalFark]
‘’ 9 minutes ago  

Ghost Roach: For all the times I've seen this, I haven't asked: wouldn't the gas start to soften/dissolve the bags after a period of time?


No. Back in history I sold car batteries. They were shipped dry and the acid was shipped in polyethylene bags inside cardboard boxes.
 
rightClick [OhFark]
‘’ 8 minutes ago  

169th Cousin: [Fark user image 850x478]


So, what was the plan with these bags?

A gallon of gas weighs about 5 pounds; if they got 20 gallons in a bag, are they planning to lift a 100 pound bag of flammable liquid out of their trunk? Assuming the bag is strong enough to hold up to being lifted like this.

Did they have just as foolproof a plan to get the gas from the bag to their gas tank?
 
H31N0US
‘’ 8 minutes ago  

thehobbes: .. why is infrastructure not air gapped?


Didn't WiFi obviate that term like 20 years ago, Boomer?
 
IRestoreFurniture
‘’ 7 minutes ago  

thehobbes: .. why is infrastructure not air gapped?


This guy IT's.
 
MusicMakeMyHeadPound [TotalFark] [OhFark]
‘’ 7 minutes ago  

stuhayes2010: What I know about this comes from TV, so it's probably wrong.  But could the backups be infected too?  According to CSI, these groups infect and wait 6 months so the back ups have back ups of the virus.


I guess if they're smart. They usually aren't.

We got hit with ransomware a couple years ago. I restored the data from backup and replaced the executables with pristine versions from the vendor. We were only down for about three hours.

I have no sympathy for IT professionals who don't take DR seriously.
 
PvtStash
‘’ 7 minutes ago  

I am Tom Joad's Complete Lack of Surprise: Such payouts should be FLAT OUT ILLEGAL, with a five year stint in the Pen for the CEO, and if the entity is essential to infrastructure, control of the company turned over to FedGov and all C-suite execs fired with zero payouts of any kind.

Send a farking message.


Hey, "we" can decide we don't play like that anytime we want to.
But at present "we" have decided that "we" can and should fook right off and allow the market to do whatever to make money.

So this is just business and what goes on in the market. Cost of business is paying ransoms, until running the business so it can refuse to pay ransoms is cheaper than paying ransoms.

Markets don't really have wider FOV/bigger picture situations in mind most of the time, just what's going to be in the deposit at the end of the day today. "Sustainability" is not a free market concern, because all the operators in the market are temporary mortal beings that don't actually have to care about anything past their own short-lived selves.

Parasite is a perfectly viable life form; though they are harmful to others and generally tend to damage their own life-sustaining hosts in the process, they do thrive nonetheless.
And the only option is to decide "we" want to stop living jungle animal life and get back to evolving.
 
Solty Dog
‘’ 7 minutes ago  

steklo: so what I want to know is, if I rob a bank and the police arrest me, I can say, "I did it for the money?" and they would let me go?


Yes. Also make sure you put your hazards on in your car. Everything is legal with the hazards on.
 
OldJames
‘’ 7 minutes ago  
They should have been able to restore from backups in a couple hours. IT failure. Even if they were rookies, a full day.
 
baorao
‘’ 7 minutes ago  
I'd be curious to know how far back their restore point was.
 
TheGreatGazoo
‘’ 7 minutes ago  
I suspect that restoring 10 servers is easy.  Restoring 5000 servers (or however many they have) isn't so easy, particularly with databases.

That said, I have a sneaky feeling the Darkside hackers will be having a bunch of weird car accidents and other calamities befall them such as accidentally falling out of helicopters 100 miles offshore.

You screw with the profits of oil conglomerates and they'll make the South American banana companies look like angels.
 
Warthog [TotalFark]
‘’ 7 minutes ago  

hobnail: XSV: CSB:

Company I previously worked for had our internal systems hit by ransomware.  We ended up spending about $40k ransom after being down for 3 days while our IT couldn't figure out if our backups were compromised or not.

So our development group, got turned into the decrypting group, as developers went around and ran the decryption on everyone's machine.  Funny thing was, we had to call the support number that had been provided when we paid the ransom, and the folks we got hit by were actually very helpful in solving any issues we ran into with the decryption process they had.

/CSB

So, this may be a dumb question on my part, but what confidence do you have that once you decrypt that you're not compromised in some other way?


Up till now, there's been honor among thieves.  A hacker group that doesn't deliver on what it promises in exchange for a ransom never gets paid another ransom.  It's big business, and the "reputable" hackers pride themselves on their client service.

The thing that's interesting in this pipeline story, if true, isn't that the ransom got paid it's that the hackers did such a shiatty job helping get the network turned back on.  That group's reputation is going to be mud.
 
Ashelth
‘’ 6 minutes ago  

tricycleracer: NotCodger: Wait. They had backups available, but didn't use them right away? Were they on floppy disks?

They were CTAM backups and there's a gas shortage.


The smart thing to do would be to infect a system several months prior so all of the backups are compromised then have the ransomware trigger
 
baorao
‘’ 6 minutes ago  

hobnail: XSV: CSB:

Company I previously worked for had our internal systems hit by ransomware.  We ended up spending about $40k ransom after being down for 3 days while our IT couldn't figure out if our backups were compromised or not.

So our development group, got turned into the decrypting group, as developers went around and ran the decryption on everyone's machine.  Funny thing was, we had to call the support number that had been provided when we paid the ransom, and the folks we got hit by were actually very helpful in solving any issues we ran into with the decryption process they had.

/CSB

So, this may be a dumb question on my part, but what confidence do you have that once you decrypt that you're not compromised in some other way?


It depends whether you can identify the date and cause of the initial breach and restore from a backup older than that.
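The two recovery rules that come up in this thread, restoring from a snapshot that predates the earliest sign of the intrusion (baorao's point) and replacing executables with pristine copies from the vendor (MusicMakeMyHeadPound's point), can be written down as a small check. The script below is an added example, not code from the thread or from any of the companies mentioned; the backup catalog, the indicator-of-compromise timestamp, the vendor hash manifest and the restored file contents are all constructed values.

```python
"""
Added example (not from the thread): pick a restore point that predates the
earliest known indicator of compromise, and check restored executables against
a vendor-supplied hash manifest. All data below is constructed for illustration.
"""
from datetime import datetime, timezone
import hashlib

# Constructed backup catalog: (snapshot id, taken-at UTC, immutable/offline?).
BACKUP_CATALOG = [
    ("snap-2021-05-01", datetime(2021, 5, 1, 2, 0, tzinfo=timezone.utc), True),
    ("snap-2021-05-04", datetime(2021, 5, 4, 2, 0, tzinfo=timezone.utc), True),
    ("snap-2021-05-06", datetime(2021, 5, 6, 2, 0, tzinfo=timezone.utc), False),
    ("snap-2021-05-07", datetime(2021, 5, 7, 2, 0, tzinfo=timezone.utc), True),
]

# Constructed: earliest indicator of compromise found by the investigation
# (for example the first malicious logon). Anything backed up at or after this
# moment is treated as possibly carrying the intrusion.
EARLIEST_IOC = datetime(2021, 5, 5, 13, 30, tzinfo=timezone.utc)


def choose_restore_point(catalog, earliest_ioc, require_immutable=True):
    """Return the id of the newest snapshot taken strictly before the IoC.

    Snapshots at or after the IoC are excluded outright. With require_immutable
    set, writable/online copies are excluded too, because an intruder with
    access to the network could have altered or encrypted them. Returns None
    when no clean candidate exists.
    """
    candidates = [
        (sid, taken) for sid, taken, immutable in catalog
        if taken < earliest_ioc and (immutable or not require_immutable)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[1])[0]


def suspect_snapshots(catalog, earliest_ioc):
    """Snapshot ids that must not be restored without forensic review."""
    return [sid for sid, taken, _ in catalog if taken >= earliest_ioc]


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed vendor manifest: path -> SHA-256 of the pristine binary.
VENDOR_MANIFEST = {
    "bin/scheduler": sha256(b"pristine scheduler v1"),
    "bin/reporter": sha256(b"pristine reporter v1"),
}

# Constructed contents of the restored tree; one binary has been altered.
RESTORED_FILES = {
    "bin/scheduler": b"pristine scheduler v1",
    "bin/reporter": b"pristine reporter v1 + injected stub",
}


def verify_executables(restored, manifest):
    """Compare every restored executable with the vendor's hash.

    Returns (clean, mismatched, missing): paths that match, paths whose hash
    differs (replace from vendor media rather than trusting the restore), and
    manifest entries absent from the restored tree.
    """
    clean, mismatched, missing = [], [], []
    for path, expected in manifest.items():
        if path not in restored:
            missing.append(path)
        elif sha256(restored[path]) == expected:
            clean.append(path)
        else:
            mismatched.append(path)
    return clean, mismatched, missing


if __name__ == "__main__":
    print("restore from:", choose_restore_point(BACKUP_CATALOG, EARLIEST_IOC))
    print("review before use:", suspect_snapshots(BACKUP_CATALOG, EARLIEST_IOC))
    clean, bad, missing = verify_executables(RESTORED_FILES, VENDOR_MANIFEST)
    print("clean:", clean, "replace:", bad, "missing:", missing)
```

The IoC timestamp is the input that decides everything, which is why the "date and cause of the initial breach" matters so much: if the investigation dates the intrusion too late, a tainted snapshot passes this check. Requiring immutable or offline copies is what keeps the attacker's access to the live network from also deciding which backups survive.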
 
