Canadian Cyber Security Journal

The Cybersecurity 202: Could less publicizing of ransomware fixes have prevented the Colonial Pipeline attack?

The first rule of blocking ransomware attacks is: Don’t talk about how you blocked ransomware attacks.

Or, on the other hand, maybe you should shout it from the rooftops.

That’s a debate that’s roiling the cybersecurity community after a deep dive story from ProPublica and MIT Technology Review revealed that an ill-timed cybersecurity company news release may have helped a ransomware gang launch a devastating attack against Colonial Pipeline. That attack caused fuel shortages across the eastern United States and a spike in gas prices.

In the news release in question, the Romanian cybersecurity firm BitDefender touted a digital tool it had developed to unlock computers that were locked by the ransomware gang DarkSide without the victim paying a ransom. BitDefender was offering the tool free to all DarkSide victims.

That news release helped a lot of DarkSide victims. But it also gave the gang a chance to re-engineer its ransomware, based on what BitDefender published, in ways that ultimately made the tool ineffective.

A few months later, when DarkSide’s ransomware hit Colonial Pipeline, there was no easy fix. Ultimately, Colonial paid a $4.4 million ransom to regain access to its computer systems.

If BitDefender had just quietly shared its tool with DarkSide victims rather than publishing it online, the tool might have still worked when Colonial was hacked, the authors Renee Dudley and Daniel Golden argue. Indeed, two other researchers, Fabian Wosar and Michael Gillespie, had been doing just that with a similar tool they discovered.

“The incident…shows how anti-virus companies eager to make a name for themselves sometimes violate one of the cardinal rules of the cat-and-mouse game of cyberwarfare: Don’t let your opponents know what you’ve figured out,” Dudley and Golden write.

The dispute is a twist on a familiar debate in cybersecurity — whether it’s better to gather more information about the bad guys or to stop them in their tracks.

 

Click here to view the original web page at www.msn.com
