
Ransomware attacks could reach ‘pandemic’ levels: What to know after the oil pipeline hack

Tanker trucks were parked near Colonial Pipeline in Charlotte, N.C. The pipeline shut down after a hacker attack. (Chris Carlson/Associated Press)

A cybersecurity expert warned federal lawmakers last week that the world was on the cusp of a “pandemic of a different variety.”

Christopher Krebs, who formerly headed the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, testified May 5 before the House Committee on Homeland Security that a form of malware called ransomware has become more prevalent than ever. Given an ever-widening criminal enterprise and vulnerable digital landscape, he said, critical infrastructure is at risk of debilitating attacks.

Two days later, Colonial Pipeline, a major fuel pipeline connecting the East Coast, was hit in the largest known hack on US energy infrastructure.

That prompted a shutdown of the pipeline, a panic-buying spree for gasoline, and a price jump at the pumps over the weekend. The company said Wednesday that it had resumed some operations. It was one of the latest in crippling ransomware attacks orchestrated by extortionary criminal organizations that mostly operate in foreign safe havens, outside the grasp of the US criminal justice system.

Experts say continued ransomware threats are inevitable, calling on businesses and governments to ramp up efforts to secure their online networks.

“Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat,” Krebs told lawmakers. “If there was any remaining doubt on that front, let’s dispense with it now: Too many lives are at stake.”

Q: What’s a ransomware attack?

A: Ransomware, a malicious computer code that hackers deploy to block an organization’s access to its own computer network to extort a ransom, is one of the most common forms of malware, experts say.

Hackers may barrage employees with phishing e-mails, convincing a user to download a file or visit an infected website, which unleashes the malware on the network.

Once they have seized control of the network, the criminals provide a payment deadline, and if it is not met, they can lock the network from their target or publicly share sensitive data.

Such attacks have reached a record high recently, with nearly 400 assaults on critical infrastructure in 2020, according to data compiled by Temple University. In the past week, hackers published personnel files of Washington, D.C., police officers, caused city services in Tulsa, Okla., to shut down, and paralyzed a California hospital system.

On Friday, Colonial Pipeline announced it had shut down its 5,500 miles of pipeline, which it said carried almost half of the East Coast’s fuel supplies. The company later said it was hit by a ransomware attack but has shared little about how cybercriminals broke into its network.

The FBI confirmed Monday that the group responsible is known as DarkSide, an Eastern European criminal gang.

Q: Why is our infrastructure vulnerable?

A: Much of America’s aging infrastructure was built long before online networks used today came into existence, resulting in vulnerabilities as existing organizations go digital.

“The underlying enabling factors for this cybercrime explosion are rooted in the digital dumpster fire of our seemingly pathological need to connect everything to the Internet combined with how hard it is to actually secure what we have connected,” Krebs testified.

In addition, local governments, school districts, small businesses, and others have limited ways to shore up cybersecurity in the face of a threat.

With the advent of cryptocurrency and an expanding network of criminal groups like DarkSide, ransomware is a burgeoning enterprise, outpacing the development of protective measures.

Cryptocurrency, a form of digital cash, is unregulated or underregulated in some jurisdictions, making it more difficult to track. Hackers have even developed customer hotlines for their targets, streamlining the nefarious process.

“Ransomware-as-a-Service is big business and we are not surprised groups like DarkSide are capitalizing on extortion techniques that are quickly becoming a hallmark for many eCrime actors,” Matt Trushinski, technical director at the cybersecurity firm Arctic Wolf, wrote in an e-mail.

When it comes to critical industries like energy, experts say, the government needs to take a closer look at what steps companies take to secure themselves.

“We need to have open and candid conversations with oil & gas companies about what measures they’re taking to protect the nation’s critical infrastructure,” oil and gas cybersecurity expert Damon Small wrote in a statement. “In many ways, oil & gas is self-regulated.”

Q: How much could ransomware attacks cost?

A: Given the far-reaching consequences of the onslaughts, it’s difficult to fully grasp the economic toll, though one firm calculated that the cost exceeds billions of dollars.

Victims can be anyone, including cities. In 2020, 113 federal, state, and local governments and agencies reported they had been struck, costing about $915 million, according to an estimate by Emsisoft, a cybersecurity company.

Hacker gangs can demand any sum of money they believe a company or government would pay to get back online.

Q: What can be done about ransomware attacks?

A: The best strategy is to stay ahead of the competition when updating security measures, Forrester analyst Allie Mellen said. A firm with less-stringent cybersecurity is likely to be targeted.

Put simply: “Outrun the guy next to you,” she said.

On the list of “quick wins,” Mellen advises strengthening passwords, testing the incident response plan before an emergency occurs, and implementing multifactor authentication, which requires two or more levels of verification before a user can sign on to the company’s network.