It's as direct as any other revenue => business activity connection. More direct than how buying coffee causes fields to be planted with coffee trees.
Of this $5M, expect $4M to be spent on salaries in the next year or 2, funding 20 person-years of malicious hacking. 20 skilled people paid to hurt the internet instead of building it up. A terrible crime.
I’m sure at some point they must have just asked if they’d give them the password for free on account of all the collateral damage... but it looks like they were disinclined to acquiesce to the request.
As someone who had their home broken into twice in the same week, probably by the same people, I prefer to subscribe to the theory that there's no honor among thieves.
The 5M ransom plus all the other damage such as reputation loss, increased government scrutiny and potential damages to pay to partners (I'm sure they provide some sort of SLA for their oil delivery services?) is a good enough deterrent from allowing this to happen again.
5M is nothing to that pipeline management firm. I think nothing will change because the "fine" is tiny and later, when a VP of opsec gets to decide between a massively expensive hardening of security which includes big recurring costs to keep an opsec team on payroll and just pocketing a multimillion dollar bonus for optimizing the opsec budget, he will choose the latter. There's no risk of getting jail time and any reputation damage won't be to his personal reputation, but to that firm he will have left long ago.
> keep an opsec team on payroll and just pocketing a multimillion dollar bonus for optimizing the opsec budget
This is not how companies actually work. This is a fun “incompetent executive” fantasy that floats around but in real businesses you don’t pocket a huge bonus solely by cutting costs.
You’re gonna have a lot of explaining to do on why that money was being spent in the first place and why it’s not needed now.
They are installing more software from the hacker voluntarily after paying the ransom. At this rate it looks more like they just hired a competent and highly unethical vendor...