Beyond Colonial Pipeline, Ransomware Cyberattacks Are a Growing Threat

Source: By Robert McMillan, Dustin Volz and Tawnell D. Hobbs, Wall Street Journal • Posted: Wednesday, May 12, 2021

Schools, hospitals, companies are targeted by ‘cyber weapons of mass destruction’

Colonial Pipeline was hit by a recent cyberattack that threatens to raise prices at the pump. Photo: francois picard/Agence France-Presse/Getty Images

The cyberattack that knocked offline an essential U.S. gasoline pipeline shows how the dangerous, professional-scale hack-for-ransom threat is spreading rapidly, targeting companies, schools, hospitals and other institutions.

While ransomware has been a challenge for small businesses for years, a confluence of factors has emboldened attackers in the past year, culminating in the shutdown Friday of a critical gasoline pipeline to the U.S. East Coast. The pipeline’s operator, Colonial Pipeline Co., now says service could be offline until week’s end, threatening to raise prices at the pump for millions of Americans.

Attacks are growing in number and scale as millions of people across the country work or attend school remotely, in some cases opening back doors to networks without corporate or institutional security protections, security researchers say.

Hackers have grown adept at communicating about vulnerabilities on the so-called Dark Web, a network of computers that can share information anonymously. The ability to demand payment in cryptocurrency limits law-enforcement tracking capabilities. And the growth in insurance policies that cover ransomware payments has helped seed an increasingly professionalized ransomware industry.

Senior officials in the Biden administration have said ransomware is likely the most serious cybersecurity threat to the U.S. and that on its current trajectory, the problem will only get worse in the years ahead. A senior Justice Department official likened the phenomenon to “cyber weapons of mass destruction.”

There is no official U.S. clearinghouse to track ransomware cases, but nearly 2,500 were reported to the Federal Bureau of Investigation last year, an increase of 66% from 2019.

While precise data on attacks are often difficult to come by, partly due to the desire for secrecy among both perpetrators and victims, ransomware victims paid hackers at least $350 million in cryptocurrency payments in 2020, a fourfold increase from the previous year, according to the blockchain analysis firm Chainalysis Inc. Other security experts and cybersecurity officials have estimated the overall toll on the U.S. economy registers in the billions annually.

“The reason why ransomware is exploding is because it’s scalable, predictable and lucrative,” said Antony P. Kim, a partner with the law firm Orrick Herrington & Sutcliffe LLP’s cyber, privacy and data innovation practice. “If that isn’t a business model, I don’t know what is.”

The Federal Bureau of Investigation has for years told companies that they shouldn’t pay ransoms when victimized by hackers, but the cybersecurity firm Bitdefender says that at least half of all victims end up paying.

The companies least vulnerable are those that back up systems so they don’t feel pressure to pay, but doing so can be costly up front.

Ransomware encrypts the contents of the victim’s computers, making them unusable until a payment is made, at which point the hackers promise to give the victims a decryption key—a complex series of letters and numbers that will unlock their systems. Often victims pay ransom because they have no backup copies of the infected systems or because the effort required to restore hundreds of computers is prohibitive.

“We are on the cusp of a global digital pandemic, driven by greed, a vulnerable digital ecosystem, and an ever-widening criminal enterprise,” Chris Krebs, the former top cybersecurity official in the Department of Homeland Security under President Trump, said in congressional testimony about ransomware last week.