{"id":16751,"date":"2021-05-13T10:25:54","date_gmt":"2021-05-13T09:25:54","guid":{"rendered":"https:\/\/wilsonjames.co.uk\/?p=16751"},"modified":"2021-05-13T10:31:09","modified_gmt":"2021-05-13T09:31:09","slug":"ransomware-and-the-extortion-economy","status":"publish","type":"post","link":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy","title":{"rendered":"Ransomware and the extortion economy"},"content":{"rendered":"<p>US company Colonial Pipeline shut down four major pipelines supplying fuel to the east coast of the US at the weekend, following a ransomware attack on their IT systems purportedly by criminal hacking gang DarkSide. The company has stated the shutdown was a precautionary measure and they have yet to comment on any damage incurred or data held to ransom. <a href=\"https:\/\/edition.cnn.com\/2021\/05\/09\/politics\/colonial-pipeline-cyberattack-restart-plan\/index.html\">1<\/a><\/p>\n<p>The use of ransomware has increased exponentially in the last year with cybersecurity company Palo Alto Networks reporting the average payment made by companies to retrieve their data has risen 171% over the past year to USD312,493. The \u2018benefits\u2019 of a ransomware attack are two-fold and referred to as \u2018double extortion\u2019; the stolen data can be uploaded to sites hosted on the darkweb and managed by other ransomware operators, as well as being sold back to the hacked company. <a href=\"https:\/\/www.tripwire.com\/state-of-security\/featured\/average-ransomware-payouts-shoot-up\/#:~:text=According%20to%20the%20research%2C%20the,they're%20also%20becoming%20greedier.\">2<\/a> Ransom demands are now so commonplace that there is a standard practice for negotiations, says Jason Kotler, CEO of cyber-negotiation company, Cypfer: \u201cFor billion dollar companies, they expect multimillion dollar payments\u2026 It\u2019s roughly a percentage of their published net revenues &#8211; half a percent for billion dollar companies.\u201d<a href=\"https:\/\/www.cnbc.com\/2021\/04\/06\/the-extortion-economy-inside-the-shadowy-world-of-ransomware-payouts.html\">3<\/a><\/p>\n<p>In July 2020, US travel services company CWT Global paid USD4.5 million to have their ransomware \u2018Ragnar Locker\u2019 removed, and they are not the only company having to capitulate to these demands. The US city of Lafayette, Colorado, reportedly paid USD45,000 in ransom to regain control of their systems <a href=\"https:\/\/www.cnbc.com\/2021\/04\/06\/the-extortion-economy-inside-the-shadowy-world-of-ransomware-payouts.html\">4<\/a> and technology company GARMIN fell foul of ransomware \u2018Wasted Locker\u2019 with demands of USD10 million made to retrieve their data. GARMIN has refused to comment on whether demands were met but gained full access to their data after a four-day shutdown, with industry experts suggesting the level of sophistication used means the company would have no way to recover their stolen files without paying the ransom. Cyber-security experts Heimdal Security advises that paying the ransom goes against US government recommendations and may even be illegal in certain situations. <a href=\"https:\/\/heimdalsecurity.com\/blog\/ransomware-payouts-of-2020\/\">5<\/a><\/p>\n<p>London based cyber-security firm Digital Shadows suggests remote working during the pandemic is partly to blame for the Colonial Pipeline attack as engineers log in remotely and login details to access remote working can be bought from disgruntled employees. <a href=\"https:\/\/www.bbc.co.uk\/news\/business-57050690\">6<\/a> The repercussions of this latest attack against the oil industry have yet to be realised as the US government puts contingency plans in motion to continue the delivery of the much-needed fuel. Colonial Pipeline is yet to confirm if any data was stolen or if the delay in re-establishing full operational capabilities is a precaution to ensure they are on top of the malware before re-booting.<\/p>\n<p>For guidance from the UK\u2019s National Cyber Security Centre (NCSC) on mitigating malware and ransomware attacks please <a href=\"https:\/\/www.ncsc.gov.uk\/guidance\/mitigating-malware-and-ransomware-attacks\">click here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">US company Colonial Pipeline shut down four major pipelines supplying fuel to the east coast of the US at the weekend, following a ransomware attack on their IT systems purportedly by criminal hacking gang DarkSide. The company has stated the shutdown was a precautionary measure and they have yet to comment on any damage incurred [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":16752,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[61],"tags":[55],"jetpack_publicize_connections":[],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ransomware and the extortion economy - Wilson James<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware and the extortion economy - Wilson James\" \/>\n<meta property=\"og:description\" content=\"US company Colonial Pipeline shut down four major pipelines supplying fuel to the east coast of the US at the weekend, following a ransomware attack on their IT systems purportedly by criminal hacking gang DarkSide. The company has stated the shutdown was a precautionary measure and they have yet to comment on any damage incurred [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy\" \/>\n<meta property=\"og:site_name\" content=\"Wilson James\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-13T09:25:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-13T09:31:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"719\" \/>\n\t<meta property=\"og:image:height\" content=\"437\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cadence Woodland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wj_ltd\" \/>\n<meta name=\"twitter:site\" content=\"@wj_ltd\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cadence Woodland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy\",\"url\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy\",\"name\":\"Ransomware and the extortion economy - Wilson James\",\"isPartOf\":{\"@id\":\"https:\/\/wilsonjames.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg\",\"datePublished\":\"2021-05-13T09:25:54+00:00\",\"dateModified\":\"2021-05-13T09:31:09+00:00\",\"author\":{\"@id\":\"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/49941be4c3b9c7a0a3b21ede1658e2d9\"},\"breadcrumb\":{\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage\",\"url\":\"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg\",\"contentUrl\":\"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg\",\"width\":719,\"height\":437,\"caption\":\"Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wilsonjames.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware and the extortion economy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wilsonjames.co.uk\/#website\",\"url\":\"https:\/\/wilsonjames.co.uk\/\",\"name\":\"Wilson James\",\"description\":\"Wilson James is a leading security, logistics and aviation services provider with over 5,000 employees operating across the UK.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wilsonjames.co.uk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/49941be4c3b9c7a0a3b21ede1658e2d9\",\"name\":\"Cadence Woodland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b0376243dae4ae8704239a2d3e2a64c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b0376243dae4ae8704239a2d3e2a64c2?s=96&d=mm&r=g\",\"caption\":\"Cadence Woodland\"},\"description\":\"ok\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware and the extortion economy - Wilson James","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy","og_locale":"en_GB","og_type":"article","og_title":"Ransomware and the extortion economy - Wilson James","og_description":"US company Colonial Pipeline shut down four major pipelines supplying fuel to the east coast of the US at the weekend, following a ransomware attack on their IT systems purportedly by criminal hacking gang DarkSide. The company has stated the shutdown was a precautionary measure and they have yet to comment on any damage incurred [&hellip;]","og_url":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy","og_site_name":"Wilson James","article_published_time":"2021-05-13T09:25:54+00:00","article_modified_time":"2021-05-13T09:31:09+00:00","og_image":[{"width":719,"height":437,"url":"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg","type":"image\/jpeg"}],"author":"Cadence Woodland","twitter_card":"summary_large_image","twitter_creator":"@wj_ltd","twitter_site":"@wj_ltd","twitter_misc":{"Written by":"Cadence Woodland","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy","url":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy","name":"Ransomware and the extortion economy - Wilson James","isPartOf":{"@id":"https:\/\/wilsonjames.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage"},"image":{"@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage"},"thumbnailUrl":"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg","datePublished":"2021-05-13T09:25:54+00:00","dateModified":"2021-05-13T09:31:09+00:00","author":{"@id":"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/49941be4c3b9c7a0a3b21ede1658e2d9"},"breadcrumb":{"@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#primaryimage","url":"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg","contentUrl":"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg","width":719,"height":437,"caption":"Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code"},{"@type":"BreadcrumbList","@id":"https:\/\/wilsonjames.co.uk\/ransomware-and-the-extortion-economy#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wilsonjames.co.uk\/"},{"@type":"ListItem","position":2,"name":"Ransomware and the extortion economy"}]},{"@type":"WebSite","@id":"https:\/\/wilsonjames.co.uk\/#website","url":"https:\/\/wilsonjames.co.uk\/","name":"Wilson James","description":"Wilson James is a leading security, logistics and aviation services provider with over 5,000 employees operating across the UK.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wilsonjames.co.uk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/49941be4c3b9c7a0a3b21ede1658e2d9","name":"Cadence Woodland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/wilsonjames.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b0376243dae4ae8704239a2d3e2a64c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b0376243dae4ae8704239a2d3e2a64c2?s=96&d=mm&r=g","caption":"Cadence Woodland"},"description":"ok"}]}},"jetpack_featured_media_url":"https:\/\/wilsonjames.co.uk\/wp-content\/uploads\/2021\/05\/iStock-1065824694-e1620898258390.jpg","jetpack_shortlink":"https:\/\/wp.me\/p9jZtb-4mb","jetpack_sharing_enabled":true,"publishpress_future_action":{"enabled":false,"date":"2026-04-25 07:17:54","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"_links":{"self":[{"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/posts\/16751"}],"collection":[{"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/comments?post=16751"}],"version-history":[{"count":5,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/posts\/16751\/revisions"}],"predecessor-version":[{"id":16757,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/posts\/16751\/revisions\/16757"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/media\/16752"}],"wp:attachment":[{"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/media?parent=16751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/categories?post=16751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wilsonjames.co.uk\/wp-json\/wp\/v2\/tags?post=16751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}