Pipeline paid 5 million in crypto for the key to decrypt data (per Bloomberg)
FYI, this happens all the time, and 95%+ of the time businesses just quietly negotiate down and pay the ransom. There are now entire verticals dedicated to ransomware attack mitigation, including firms that specialize in negotiating the ransoms.
I knew these happen all the time, but I didn't realize there were firms that do the negotiating and that there was even the possibility of negotiating down. That's bonkers.
Yup. It's a whole cottage industry, and the white hat people and black hat people become familiar with each other. Apparently there is, in fact, honor among thieves. I've heard some wild stories.
Our CISO has been working with an IT insurance company and developing a checklist on what to do in case of such an event. He states the government is telling people to never pay the ransom as this encourages them and you really have no guarantees on whether you will actually get anything useful in return for paying them. He did mention there are other resources available in a case where we wanted to negotiate.
I think from an IT standpoint, the best way to mitigate this is to have good backups, but they need to have a long retention policy. The bad guys usually don't act until they've been in your systems for 9 months already (on average). Your recent backups will be useless if they've already been saving compromised files.