Over the weekend, criminals forced the shutdown of a U.S. oil pipeline. The closure was an attempt to force money from the Colonial Pipeline organization. The Biden administration says an “all-hands-on-deck” effort is underway to restore operations and avoid disruptions in the nation’s fuel supply.
Cyberextortion (forcing money via an internet scheme) attempts in the United States are a a problem. In the past year, attacks have forced delays in cancer treatment at hospitals, interrupted schooling, and paralyzed police forces and city governments.
In a ransomware attack, hackers lock up computer systems by encrypting data. Then they demand money to release the information.
David Kennedy, founder of TrustedSec, says that once officials discover a ransomware attack, companies can do little but completely rebuild their systems—or pay the ransom.
Average ransoms paid in the United States jumped nearly threefold to more than $310,000 last year. The average downtime for victims of ransomware attacks is 21 days.
The attacked pipeline, operated by Georgia-based Colonial Pipeline, carries gasoline and other fuel from Texas to the U.S. Northeast. It delivers roughly 45% of fuel consumed on the East Coast. The recent ransomware attack hit computers controlling pipeline functions.
A Russia-based criminal gang known as DarkSide is likely responsible. Ransomware gangs like DarkSide have cost Western nations tens of billions of dollars in the past three years. But the group promotes a Robin Hood image—one of stealing from corporations and giving a cut away.
DarkSide claims that it does not attack medical, educational, or government targets—only large corporations. The group also boasts that it donates a portion of its take to charity. But the Bible’s injunction is clear: “Let the thief no longer steal, but rather let him labor, doing honest work with his own hands, so that he may have something to share with anyone in need.” (Ephesians 4:28)
Experts say U.S. gasoline prices probably won’t be affected if the pipeline is back to normal in a few days. But on Monday, prices were up a few cents per gallon as long lines formed at the pumps. Those experts also say the incident is the worst cyberattack to date on critical U.S. infrastructure (basic facilities). They believe the attack should be a wake-up call to companies about their weaknesses.
Commerce Secretary Gina Raimondo says ransomware attacks are “what businesses now have to worry about” and that she will work “very vigorously” with the Homeland Security Department to address the problem.
“Unfortunately, these sorts of attacks are becoming more frequent,” she says. “We are working closely with the company, state, and local officials to make sure that they get back up to normal operations as quickly as possible.”
Security experts say the attack should be a warning for operators of critical infrastructure—including electrical and water utilities and energy and transportation companies: Not investing in updating their security puts them at risk of catastrophe.
Colonial transports gasoline, diesel, jet fuel, and home heating oil from refineries on the Gulf Coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 5,500 miles, transporting more than 100 million gallons each day.
Researcher Debnil Chowdhury says that if the current oil outage stretches to one to three weeks, gas prices could begin to rise. Shortages would become pronounced.
“I wouldn’t be surprised, if this ends up being an outage of that magnitude, if we see 15- to 20-cent rise in gas prices over next week or two,” he says.
“Ransomware is absolutely out of control and one of the biggest threats we face as a nation,” Kennedy says. Then he adds, “Most companies are grossly underprepared to face these threats.”
(Traffic passes oil storage tanks owned by the Colonial Pipeline Company in Linden, New Jersey. AP/Mark Lennihan)