{
	"id": "416dd703-cec0-410f-8921-d8290d63cde4",
	"created_at": "2026-04-10T03:21:36.799438Z",
	"updated_at": "2026-04-10T13:11:58.795394Z",
	"deleted_at": null,
	"sha1_hash": "c6466b75d304c08a491814cf5ac19fc3fe27a483",
	"title": "The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2791298,
	"plain_text": "The Colonial pipeline ransomware hackers had a secret weapon:\r\nself-promoting cybersecurity firms\r\nBy Renee Dudley\r\nPublished: 2021-05-24 · Archived: 2026-04-10 02:46:22 UTC\r\nFive months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its\r\nransomware victims. Then an antivirus company’s announcement alerted the hackers.\r\nDrew Angerer/Getty Images\r\nOn January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had\r\nfound a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens\r\nof businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from\r\nBitdefender and avoid paying millions of dollars in ransom to the hackers.\r\nBut Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie,\r\nhad noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool,\r\nBitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock\r\nmultiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have\r\nnothing to hope for.”\r\nhttps://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/\r\nPage 1 of 9\n\n“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”\r\nDarkSide soon proved it wasn’t bluffing, unleashing a string of attacks. This month, it paralyzed the Colonial\r\nPipeline Co., prompting a shutdown of the 5,500-mile pipeline that carries 45% of the fuel used on the East Coast\r\n—quickly followed by a rise in gasoline prices, panic buying of gas across the Southeast, and closures of\r\nthousands of gas stations. 
Absent Bitdefender’s announcement, it’s possible that the crisis might have been\r\ncontained, and that Colonial might have quietly restored its system with Wosar and Gillespie’s decryption tool.\r\nInstead, Colonial paid DarkSide $4.4 million in Bitcoin for a key to unlock its files. “I will admit that I wasn’t\r\ncomfortable seeing money go out the door to people like this,” CEO Joseph Blount told the Wall Street Journal.\r\nThe missed opportunity was part of a broader pattern of botched or half-hearted responses to the growing menace\r\nof ransomware, which during the pandemic has disabled businesses, schools, hospitals, and government agencies\r\nacross the country. The incident also shows how antivirus companies eager to make a name for themselves\r\nsometimes violate one of the cardinal rules of the cat-and-mouse game of cyberwarfare: Don’t let your opponents\r\nknow what you’ve figured out. During World War II, when the British secret service learned from decrypted\r\ncommunications that the Gestapo was planning to abduct and murder a valuable double agent, Johnny Jebsen, his\r\nhandler wasn’t allowed to warn him for fear of cluing in the enemy that its cipher had been cracked. Today,\r\nransomware hunters like Wosar and Gillespie try to prolong the attackers’ ignorance, even at the cost of contacting\r\nfewer victims. Sooner or later, as payments drop off, the cybercriminals realize that something has gone wrong.\r\nWhether to tout a decryption tool is a “calculated decision,” said Rob McLeod, senior director of the threat\r\nresponse unit for cybersecurity firm eSentire. From the marketing perspective, “You are singing that song from the\r\nrooftops about how you have come up with a security solution that will decrypt a victim’s data. And then the\r\nsecurity researcher angle says, ‘Don’t disclose any information here. 
Keep the ransomware bugs that we’ve found\r\nthat allow us to decode the data secret, so as not to notify the threat actors.’”\r\nIn a post on the dark web, DarkSide thanked Bitdefender for identifying a flaw in the gang’s\r\nransomware. (Highlight added by ProPublica.)\r\nWosar said that publicly releasing tools, as Bitdefender did, has become riskier as ransoms have soared and the\r\ngangs have grown wealthier and more technically adept. In the early days of ransomware, when hackers froze\r\nhome computers for a few hundred dollars, they often couldn’t determine how their code was broken unless the\r\nflaw was specifically pointed out to them.\r\nToday, the creators of ransomware “have access to reverse engineers and penetration testers who are very very\r\ncapable,” he said. “That’s how they gain entrance to these oftentimes highly secured networks in the first place.\r\nThey download the decryptor, they disassemble it, they reverse-engineer it, and they figure out exactly why we\r\nwere able to decrypt their files. And 24 hours later, the whole thing is fixed. Bitdefender should have known\r\nbetter.”\r\nIt wasn’t the first time Bitdefender trumpeted a solution that Wosar or Gillespie had beaten it to. Gillespie had\r\nbroken the code of a ransomware strain called GoGoogle, and was helping victims without any fanfare, when\r\nBitdefender released a decryption tool in May 2020. 
Other companies have also announced breakthroughs\r\npublicly, Wosar and Gillespie said.\r\n“People are desperate for a news mention, and big security companies don’t care about victims,” Wosar said.\r\nBogdan Botezatu, director of threat research at Bucharest, Romania–based Bitdefender, said the company wasn’t\r\naware of the earlier success in unlocking files infected by DarkSide.\r\nRegardless, he said, Bitdefender decided to publish its tool “because most victims who fall for ransomware do not\r\nhave the right connection with ransomware support groups and won’t know where to ask for help unless they can\r\nlearn about the existence of tools from media reports or with a simple search.”\r\nBitdefender has provided free technical support to more than a dozen DarkSide victims, and “we believe many\r\nothers have successfully used the tool without our intervention,” Botezatu said. Over the years, Bitdefender has\r\nhelped individuals and businesses avoid paying more than $100 million in ransom, he said.\r\nBitdefender recognized that DarkSide might correct the flaw, Botezatu said: “We are well aware that attackers are\r\nagile and adapt to our decryptors.” But DarkSide might have “spotted the issue” anyway. “We don’t believe in\r\nransomware decryptors made silently available. Attackers will learn about their existence by impersonating home\r\nusers or companies in need, while the vast majority of victims will have no idea that they can get their data back\r\nfor free.”\r\nThe attack on Colonial Pipeline, and the ensuing chaos at the gas pumps throughout the Southeast, appears to\r\nhave spurred the federal government to be more vigilant. President Joe Biden issued an executive order to\r\nimprove cybersecurity and create a blueprint for a federal response to cyberattacks. 
DarkSide said it was shutting\r\ndown under US pressure, although ransomware crews have often disbanded to avoid scrutiny and then re-formed\r\nunder new names, or their members have launched or joined other groups.\r\n“As sophisticated as they are, these guys will pop up again, and they’ll be that much smarter,” said Aaron Tantleff,\r\na Chicago cybersecurity attorney who has consulted with 10 companies attacked by DarkSide. “They’ll come back\r\nwith a vengeance.”\r\nAt least until now, private researchers and companies have often been more effective than the government in\r\nfighting ransomware. Last October, Microsoft disrupted the infrastructure of Trickbot, a network of more than 1\r\nmillion infected computers that disseminated the notorious Ryuk strain of ransomware, by disabling its servers\r\nand communications. That month, ProtonMail, the Swiss-based email service, shut down 20,000 Ryuk-related\r\naccounts.\r\nWosar and Gillespie, who belong to a worldwide volunteer group called the Ransomware Hunting Team, have\r\ncracked more than 300 major ransomware strains and variants, saving an estimated 4 million victims from paying\r\nbillions of dollars.\r\nBy contrast, the FBI rarely decrypts ransomware or arrests the attackers, who are typically based in countries like\r\nRussia or Iran that lack extradition agreements with the US. DarkSide, for instance, is believed to operate out of\r\nRussia. 
Far more victims seek help from the Hunting Team, through websites maintained by its members, than\r\nfrom the FBI.\r\nThe US Secret Service also investigates ransomware, which falls under its purview of combating financial crimes.\r\nBut, especially in election years, it sometimes rotates agents off cyber assignments to carry out its better-known\r\nmission of protecting presidents, vice presidents, major-party candidates, and their families. European law\r\nenforcement, especially the Dutch National Police, has been more successful than the US in arresting attackers\r\nand seizing servers.\r\nSimilarly, the US government has made only modest headway in pushing private industry, including pipeline\r\ncompanies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of\r\nagencies, hampering coordination. The Department of Homeland Security conducts “vulnerability assessments”\r\nfor critical infrastructure, which includes pipelines.\r\nIt reviewed Colonial Pipeline in around 2013 as part of a study of places where a cyberattack might cause a\r\ncatastrophe. The pipeline was deemed resilient, meaning that it could recover quickly, according to a former DHS\r\nofficial. The department did not respond to questions about any subsequent reviews.\r\nFive years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer\r\nsystems and recommend strategies to address them. Participation is voluntary, and a person familiar with the\r\ninitiative said that it is more useful for smaller companies with limited in-house IT expertise than for big ones like\r\nColonial. 
The National Risk Management Center, which oversees the initiative, also grapples with other\r\nthorny issues such as election security.\r\nRansomware has skyrocketed since 2012, when the advent of Bitcoin made it hard to track or block payments.\r\nThe criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred\r\ndollars apiece to targeting specific businesses, government agencies and nonprofit groups with multimillion-dollar\r\ndemands.\r\nAttacks on energy businesses in particular have increased during the pandemic—not just in the US but in Canada,\r\nLatin America, and Europe. As the companies allowed employees to work from home, they relaxed some security\r\ncontrols, McLeod said.\r\nSince 2019, numerous gangs have ratcheted up pressure with a technique known as “double extortion.” Upon\r\nentering a system, they steal sensitive data before launching ransomware that encodes the files and makes it\r\nimpossible for hospitals, universities, and cities to do their daily work. If the loss of computer access is not\r\nsufficiently intimidating, they threaten to reveal confidential information, often posting samples as leverage. For\r\ninstance, when the Washington, DC, police department didn’t pay the $4 million ransom demanded by a gang\r\ncalled Babuk last month, Babuk published intelligence briefings, names of criminal suspects and witnesses, and\r\npersonnel files, from medical information to polygraph test results, of officers and job candidates.\r\nDarkSide, which emerged last August, epitomized this new breed. 
It chose targets based on a careful financial\r\nanalysis or information gleaned from corporate emails. For instance, it attacked one of Tantleff’s clients during a\r\nweek when the hackers knew the company would be vulnerable because it was transitioning its files to the cloud\r\nand didn’t have clean backups.\r\nTo infiltrate target networks, the gang used advanced methods such as “zero-day exploits” that immediately take\r\nadvantage of software vulnerabilities before they can be patched. Once inside, it moved swiftly, looking not only\r\nfor sensitive data but also for the victim’s cyber insurance policy, so it could peg its demands to the amount of\r\ncoverage. After two to three days of poking around, DarkSide encrypted the files.\r\n“They have a faster attack window,” said Christopher Ballod, associate managing director for cyber risk at Kroll,\r\nthe business investigations firm, who has advised half a dozen DarkSide victims. “The longer you dwell in the\r\nsystem, the more likely you are to be caught.”\r\nTypically, DarkSide’s demands were “on the high end of the scale,” $5 million and up, Ballod said. One scary\r\ntactic: if publicly traded companies didn’t pay the ransom, DarkSide threatened to share information stolen from\r\nthem with short-sellers who would profit if the share price dropped upon publication.\r\nDarkSide’s site on the dark web identified dozens of victims and described the confidential data it claimed to have\r\nfilched from them. One was New Orleans law firm Stone Pigman Walther Wittmann. “A big annoyance is what it\r\nwas,” attorney Phil Wittmann said, referring to the DarkSide attack in February. “We paid them nothing,” said\r\nMichael Walshe Jr., chair of the firm’s management committee, declining to comment further.\r\nLast November, DarkSide adopted what is known as a “ransomware-as-a-service” model. Under this model, it\r\npartnered with affiliates who launched the attacks. 
The affiliates received 75% to 90% of the ransom, with\r\nDarkSide keeping the remainder. As this partnership suggests, the ransomware ecosystem is a distorted mirror of\r\ncorporate culture, with everything from job interviews to procedures for handling disputes. After DarkSide shut\r\ndown, several people who identified themselves as its affiliates complained on a dispute resolution forum that it\r\nhad stiffed them. “The target paid, but I did not receive my share,” one wrote.\r\nTogether, DarkSide and its affiliates reportedly grossed at least $90 million. Seven of Tantleff’s clients, including\r\ntwo companies in the energy industry, paid ransoms ranging from $1.25 million to $6 million, reflecting\r\nnegotiated discounts from initial demands of $7.5 million to $30 million. His other three clients hit by DarkSide\r\ndid not pay. In one of those cases, the hackers demanded $50 million. Negotiations grew acrimonious, and the two\r\nsides couldn’t agree on a price.\r\nDarkSide’s representatives were shrewd bargainers, Tantleff said. If a victim said it couldn’t afford the ransom\r\nbecause of the pandemic, DarkSide was ready with data showing that the company’s revenue was up, or that\r\ncovid-19’s impact was factored into the price.\r\nDarkSide’s grasp of geopolitics was less advanced than its approach to ransomware. Around the same time that it\r\nadopted the affiliate model, it posted that it was planning to safeguard information stolen from victims by storing\r\nit in servers in Iran. 
DarkSide apparently didn’t realize that an Iranian connection would complicate its collection\r\nof ransoms from victims in the US, which has economic sanctions restricting financial transactions with Iran.\r\nAlthough DarkSide later walked back this statement, saying that it had only considered Iran as a possible location,\r\nnumerous cyber insurers had concerns about covering payments to the group. Coveware, a Connecticut firm that\r\nnegotiates with attackers on behalf of victims, stopped dealing with DarkSide.\r\nBallod said that with their insurers unwilling to reimburse the ransom, none of his clients paid DarkSide, despite\r\nconcerns about exposure of their data. Even if they had caved in to DarkSide, and received assurances from the\r\nhackers in return that the data would be shredded, the information might still leak, he said.\r\nDuring DarkSide’s changeover to the affiliate model, a flaw was introduced into its ransomware. The\r\nvulnerability caught the attention of members of the Ransomware Hunting Team. Established in 2016, the\r\ninvitation-only team consists of about a dozen volunteers in the US, Spain, Italy, Germany, Hungary, and the UK.\r\nThey work in cybersecurity or related fields. In their spare time, they collaborate in finding and decrypting new\r\nransomware strains.\r\nSeveral members, including Wosar, have little formal education but an aptitude for coding. A high school dropout,\r\nWosar grew up in a working-class family near the German port city of Rostock. In 1992, at the age of eight, he\r\nsaw a computer for the first time and was entranced. By 16, he was developing his own antivirus software and\r\nmaking money from it. Now 37, he has worked for antivirus firm Emsisoft since its inception almost two decades\r\nago and is its chief technology officer. 
He moved to the UK from Germany in 2018 and lives near London.\r\nHe has been battling ransomware hackers since 2012, when he cracked a strain called ACCDFISA, which stood\r\nfor “Anti Cyber Crime Department of Federal Internet Security Agency.” This fictional agency was notifying\r\npeople that child pornography had infected their computers, and so it was blocking access to their files unless they\r\npaid $100 to remove the virus.\r\nThe ACCDFISA hacker eventually noticed that the strain had been decrypted and released a revised version.\r\nMany of Wosar’s subsequent triumphs were also fleeting. He and his teammates tried to keep criminals blissfully\r\nunaware for as long as possible that their strain was vulnerable. They left cryptic messages on forums inviting\r\nvictims to contact them for assistance or sent direct messages to people who posted that they had been attacked.\r\nIn the course of protecting against computer intrusions, analysts at antivirus firms sometimes detected ransomware\r\nflaws and built decryption tools, though it wasn’t their main focus. Sometimes they collided with Wosar.\r\nIn 2014, Wosar discovered that a ransomware strain called CryptoDefense copied and pasted from Microsoft\r\nWindows some of the code it used to lock and unlock files, not realizing that the same code was preserved in a\r\nfolder on the victim’s own computer. It was missing the signal, or “flag,” in their program, usually included by\r\nransomware creators to instruct Windows not to save a copy of the key.\r\nWosar quickly developed a decryption tool to retrieve the key. “We faced an interesting conundrum,” Sarah White,\r\nanother Hunting Team member, wrote on Emsisoft’s blog. 
“How to get our tool out to the most victims possible\r\nwithout alerting the malware developer of his mistake?”\r\nWosar discreetly sought out CryptoDefense victims through support forums, volunteer networks, and\r\nannouncements of where to contact for help. He avoided describing how the tool worked or the blunder it\r\nexploited. When victims came forward, he supplied the fix, scrubbing the ransomware from at least 350\r\ncomputers. CryptoDefense eventually “caught on to us ... but he still did not have access to the decrypter we used\r\nand had no idea how we were unlocking his victims’ files,” White wrote.\r\nBut then an antivirus company, Symantec, uncovered the same problem and bragged about the discovery on a blog\r\npost that “contained enough information to help the CryptoDefense developer find and correct the flaw,” White\r\nwrote. Within 24 hours the attackers began spreading a revised version. They changed its name to CryptoWall\r\nand made $325 million.\r\nSymantec “chose quick publicity over helping CryptoDefense victims recover their files,” White wrote.\r\n“Sometimes there are things that are better left unsaid.”\r\nA spokeswoman for Broadcom, which acquired Symantec’s enterprise security business in 2019, declined to\r\ncomment, saying that “the team members who worked on the tool are no longer with the company.” \r\nLike Wosar, the 29-year-old Gillespie comes from poverty and never went to college. When he was growing up\r\nin central Illinois, his family struggled so much financially that they sometimes had to move in with friends or\r\nrelatives. After high school, he worked full time for 10 years at a computer repair chain called Nerds on Call. 
Last\r\nyear, he became a malware and cybersecurity researcher at Coveware.\r\nLast December, he messaged Wosar for help. Gillespie had been working with a DarkSide victim who had paid a\r\nransom and received a tool to recover the data. But DarkSide’s decryptor had a reputation for being slow, and the\r\nvictim hoped that Gillespie could speed up the process.\r\nGillespie analyzed the software, which contained a key to release the files. He wanted to extract the key, but\r\nbecause it was stored in an unusually complex way, he couldn’t. He turned to Wosar, who was able to isolate it.\r\nThe teammates then began testing the key on other files infected by DarkSide. Gillespie checked files uploaded by\r\nvictims to the website he operates, ID Ransomware, while Wosar used VirusTotal, an online database of suspected\r\nmalware.\r\nThat night, they shared a discovery.\r\n“I have confirmation DarkSide is re-using their RSA keys,” Gillespie wrote to the Hunting Team on its Slack\r\nchannel. A type of cryptography, RSA generates two keys: a public key to encode data and a private key to\r\ndecipher it. RSA is used legitimately to safeguard many aspects of e-commerce, such as protecting credit numbers.\r\nBut it’s also been co-opted by ransomware hackers.\r\n“I noticed the same as I was able to decrypt newly encrypted files using their decrypter,” Wosar replied less than\r\nan hour later, at 2:45 a.m. London time.\r\nTheir analysis showed that before adopting the affiliate model, DarkSide had used a different public and private\r\nkey for each victim. Wosar suspected that during this transition, DarkSide introduced a mistake into its affiliate\r\nportal used to generate the ransomware for each target. Wosar and Gillespie could now use the key that Wosar had\r\nextracted to retrieve files from Windows machines seized by DarkSide. 
The cryptographic blunder didn’t affect\r\nLinux operating systems.\r\n“We were scratching our heads,” Wosar said. “Could they really have fucked up this badly? DarkSide was one of\r\nthe more professional ransomware-as-a-service schemes out there. For them to make such a huge mistake is very,\r\nvery rare.”\r\nThe Hunting Team celebrated quietly, without seeking publicity. White, who is a computer science student at\r\nRoyal Holloway, part of the University of London, began looking for DarkSide victims. She contacted firms that\r\nhandle digital forensics and incident response.\r\n“We told them, ‘Hey, listen, if you have any DarkSide victims, tell them to reach out to us; we can help them. We\r\ncan recover their files and they don’t have to pay a huge ransom,’” Wosar said.\r\nThe DarkSide hackers mostly took the Christmas season off. Gillespie and Wosar expected that when the attacks\r\nresumed in the new year, their discovery would help dozens of victims. But then Bitdefender published its post,\r\nunder the headline “Darkside Ransomware Decryption Tool.”\r\nIn a messaging channel with the ransomware response community, someone asked why Bitdefender would tip off\r\nthe hackers. “Publicity,” White responded. “Looks good. I can guarantee they’ll fix it much faster now though.”\r\nShe was right. The next day, DarkSide acknowledged the error that Wosar and Gillespie had found before\r\nBitdefender. “Due to the problem with key generation, some companies have the same keys,” the hackers wrote,\r\nadding that up to 40% of keys were affected.\r\nDarkSide mocked Bitdefender for releasing the decryptor at “the wrong time ... as the activity of us and our\r\npartners during the New Year holidays is the lowest.”\r\nAdding to the team’s frustrations, Wosar discovered that the Bitdefender tool had its own drawbacks. 
Using the\r\ncompany’s decryptor, he tried to unlock samples infected by DarkSide and found that they were damaged in the\r\nprocess. “They actually implemented the decryption wrong,” Wosar said. “That means if victims did use the\r\nBitdefender tool, there’s a good chance that they damaged the data.”\r\nAsked about Wosar’s criticism, Botezatu said that data recovery is difficult, and that Bitdefender has “taken all\r\nprecautions to make sure that we’re not compromising user data,” including exhaustive testing and “code that\r\nevaluates whether the resulting decrypted file is valid.”\r\nEven without Bitdefender, DarkSide might have soon realized its mistake anyway, Wosar and Gillespie said. For\r\nexample, as they sifted through compromised networks, the hackers might have come across emails in which\r\nvictims helped by the Hunting Team discussed the flaw.\r\n“They might figure it out that way—that is always a possibility,” Wosar said. “But it’s especially painful if a\r\nvulnerability is being burned through something stupid like this.”\r\nThe incident led the Hunting Team to coin a term for the premature exposure of a weakness in a ransomware\r\nstrain. “Internally, we often joke, ‘Yeah, they are probably going to pull a Bitdefender,’” Wosar said.\r\nThis story was co-published with ProPublica, a nonprofit newsroom that investigates abuses of power. Renee\r\nDudley and Daniel Golden have focused on ransomware for ProPublica and are working on a book about the\r\nRansomware Hunting Team, to be published next year by Farrar, Straus and Giroux.\r\nSource: https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.technologyreview.com/2021/05/24/1025195/colonial-pipeline-ransomware-bitdefender/"
	],
	"report_names": [
		"colonial-pipeline-ransomware-bitdefender"
	],
	"threat_actors": [],
	"ts_created_at": 1775791296,
	"ts_updated_at": 1775826718,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c6466b75d304c08a491814cf5ac19fc3fe27a483.pdf",
		"text": "https://archive.orkl.eu/c6466b75d304c08a491814cf5ac19fc3fe27a483.txt",
		"img": "https://archive.orkl.eu/c6466b75d304c08a491814cf5ac19fc3fe27a483.jpg"
	}
}