"OK, now that you have our attention, and the eyes of the entire international media apparatus are on us, here's how we're going to do this. We're going to send some integer number of million money dollars down this pipe, and you're going to turn that gas pipe back on like you said you would.
Then here's what happens next... we're going to give you an integer number of minutes running head start before the drone strikes start raining down on these 12 sites we've identified as likely candidates for your location, ... now how many millions was it that you were asking for from us again?"
Doesn't really matter how much it was, either, if it has really been seized already in less than 24 hours. Was it enough to convince the boss guy or gal to take the bait and risk revealing themselves? (Probably not, but IMHO that wasn't likely to happen anyway, at least not since the heat started getting turned up on them all.)
It's easy to say "basically zero chance" when we're armchair quarterbacks and not the ones in the hot seat.
I'm inclined to agree that our cyber-security apparatus is not up to the task, but it's also true that nobody has perfect OpSec (and I'd guess there are few out there who have deeper pockets to track down and make sure the perpetrators regret this than the combination of US government + oil companies).
This isn't the first such attack. You can bet the big agencies worldwide have been aware of ransomware and investigating. They have been putting evidence together. It only takes a few of the right mistakes on the part of the criminals for them to be figured out. In the long run the advantage is to the police because they can keep looking.
If you want to be a criminal who gets away with it you really need exactly one big action, and at most a few tiny practice runs before the big one. Choose your target well because once the big one is done you have to be done. (and don't do anything copycat - investigations to get the first guy might find you instead)
Yep. Compromised people on the inside, informants, "intensive interrogation" etc. are more likely the way, as has always been the case.
Also the agencies that would know who these people are would not want to reveal what they know in order to save random XYZ Corp's bacon. With this being seen as a "critical infrastructure" attack and something closer to an act of war/terrorism, the stakes got higher.