The Colonial Pipeline Cyber Ransomware Attack and the Continued Threat to the United States

Those who were not aware of the cyberattacks in the United States are now very aware of the threat after a ransomware attack forced a pipeline to shut down in early May 2021. The Colonial pipeline is one of the nation’s largest pipelines carrying gasoline and jet fuel from Texas to New York. This sent people into a frenzy, with hour-long lines for the gas stations where people were stocking up on gasoline. Gas stations quickly put restrictions on the number of gallons people could buy.  

The pipeline’s corporate computer networks were hit by a ransomware attack. This is where criminal organizations hold data hostage until the victim pays a ransom. It was confirmed that the FBI was involved in the investigation, as well as the Energy Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The organization identified with orchestrating this attack is called DarkSide. This is a group claiming to be apolitical and stating that their “goal is to make money and not creating problems for society”

This attack showed many people just how big of an effect these attacks can have on not only our energy infrastructure sector but health care, technology, financial sectors. Over the last 5 years, there has been an increasing number of cyber-attacks on the US. Many of these, being ransomware attacks.

A ransomware attack is malicious actors that demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. Officials didn’t believe the attack was an act of a nation seeking to disrupt the critical infrastructure of the United States.  Instead, a criminal organization that could have a loose affiliation to foreign intelligence agencies.  

Other Areas of Attack

Another major area of attack to the US from a cyberterrorist would be the hacking of hospital databases and machinery. This is especially prevelant in recent months due to the COVID-19 pandemic. In September 2020, Universal Health Services, one of the largest hospital chains in the U.S., was hit with a cyberattack, causing its computers and phone systems to fail. This led to surgeries being canceled and ambulances having to be rerouted as the hospital was trying to address this cyberattack. The attacker was using ransomware software that hijacks the organization’s systems and refuses to turn them over unless the hospital pays the money. The perpetrator or group behind this attack is still unknown and being investigated by the FBI. 

How do these Attacks Occur? 

During this time of the pandemic, the perpetrators of these attacks are taking advantage of many people working from home, accessing control systems remotely. They are able to hack into these systems as well as purchase login information from certain online software. In a recent briefing with members of congress, the Biden administration stated that they intend to crack down on the use of cryptocurrencies in ransomware attacks. This is through more rigorous tracking of proceeds paid to hackers behind the disabling of companies, organizations, and government agencies around the world, according to people familiar with the matter.

The White House has created a ransomware task force and warns American businesses to take urgent security measures to protect against ransomware attacks, as hackers shift their tactics from stealing data to disrupting critical infrastructure.

These attacks demonstrate the importance of boosting U.S. investment in more advanced cyberattack prevention technology. Likewise, in people who surveil the government, corporate, and personal databases for irregularities and signs of attackers.