There's an hypocrisy at the heart of the cyber security industry today.

On one hand, everybody you ask will always give the same advice.

Never pay ransomware hackers. The FBI explicitly advises companies

against paying and cyber security professionals advocate the same line. It's possible that you've heard this sentiment shared at some

point right here on this podcast. But what about when push comes to shove and there's no better solution available.

On May 7th, 2021, the colonial pipeline system supplying oil and jet fuel to the American Southeast was penetrated by a

ransomware group called Darkside. To contain the damage, the entire system was

shut down. Many of you American listeners might have experienced

the fallout firsthand. In cities and small towns alike, gas station lines piled up

dozens of cars deep, even in areas not directly serviced by colonial

simply because everybody was so worried about running out of fuel.

With panic spreading across the coast, it was the FBI.

The same FBI that tells you not to pay Ransomware hackers,

which negotiated a payment of 4.4 million dollars worth of Bitcoin to Darkside

within mere hours of the breach.

Darkside provided a restoration tool in exchange,

and five days later later pipeline operations resumed.

So what does this tell us about paying ransom's?

Should colonial pipeline have refused to pay and remained offline, affecting a third of all Americans?

What about you or your company? Should you listen to what the experts say or follow what they occasionally do.

It's complicated, but we can model this problem. You're going to. Hi, I'm Marian Levy.

Welcome to Cyber reasons Malicious Life. life. K Ute Chen is an experimental economist.

...