Are ransomware attacks the top new threat to national security?
Experts say hijackings of computer systems are closing schools and delaying life-saving medical treatments in countries worldwide
A new US Justice Department taskforce set up to tackle ransomware has recovered $2.3m (£1.6m) in cryptocurrency paid to hackers who shut down the East Coast’s largest oil pipeline for six days.
The retrieval of 64 bitcoin handed over by Colonial Pipeline to “Russia-based extortionists” DarkSide marks “the first success” of the new unit tasked with combating the growing threat to computer networks, The Times reports.
The success was announced as National Security Advisor Jake Sullivan indicated that Joe Biden would “push to reorientate Nato from its traditional European remit more towards tackling cyberthreats and an increasingly aggressive China when he attends his first alliance meeting next week”, the paper adds.
Following a string of high-profile ransomware attacks on US targets, the president is also said to be mulling countermeasures “including a military response”, The Guardian reports, while officials have “ratcheted up pressure on companies and foreign adversaries to fight cybercriminals”.
The concept of a ransomware attack “can feel abstract”, The Washington Post says, and typically brings to mind images of “a group of organised but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return”.
But in reality, the paper continues, “the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people”.
Such attacks often begin with “phishing” - emails sent to fool employees into giving passwords or access to their company’s computer systems. Once inside, the hackers isolate key information, lock the system and demand a ransom in exchange for its release.
The attack on Colonial Pipeline began on 7 May and disrupted an oil supply that carries 2.5 million barrels a day - representing 45% of the East Coast’s supply of diesel, petrol and jet fuel. In the following six days, US fuel prices rose by six cents per gallon, according to the American Automobile Association (AAA).
The US government “relaxed rules on fuel being transported by road to minimise disruption to supply”, allowing delivery drivers across “18 states to work extra or more flexible hours when transporting refined petroleum products”, as the BBC reported at the time. But independent oil market analyst Gaurav Sharma told the broadcaster that oil companies were still “scrambling” to meet demand.
Similar attacks across the US have “resulted in missed chemotherapy appointments and delayed ambulances, lost school days, and transportation problems”, The Washington Post reports. And a recent hack on the JBS meat processing company triggered “worries about meat shortages or other key food providers being at risk”.
The US is not alone in facing an increase in hostile efforts to access key infrastructure. The UK’s National Cyber Security Centre (NCSC) last week warned of a spate of “ransomware attacks against schools, colleges and universities” in recent weeks.
The increase in ransomware campaigns “emphasises again the need for organisations in the sector to protect their networks”, said the NCSC, which noted that the attacks can “have a devastating impact”.
The spike in attacks worldwide “is exactly what cybersecurity professionals have been warning about for years”, The Washington Post adds. “But it’s partially the impact on everyday people - far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise - that has made the risk more visible.”
“Our goal is to make money and not creating problems for society,” DarkSide said in a statement sent to US news network CNBC in the wake of the Colonial Pipeline attack.
The group of hackers is “apolitical” and “do not participate in geopolitics”, according to the statement, which claimed that DarkSide had been unaware its affiliates planned to target the US fuel pipeline. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the group added.
Despite that promise, the recent string of high-profile attacks on key US infrastructure has “saddled” the Biden administration with a “grave national security crisis” that is “putting civilians on the front lines of an invisible conflict likely to defy quick fixes to lessen the threat”, writes CNN White House reporter Stephen Collinson.
The attackers are “targeting the country's vulnerable infrastructure as it struggles back to life after pandemic shutdowns”, Collinson continues, leaving the president with “thorny dilemmas about how to respond without escalating a full-on international cyberwar”. The “White House must hurriedly muster the defences of a vulnerable private sector”, while delivering on a pledge to “make culprits pay a painful price”.
Commerce Secretary Gina Raimondo last week told reporters that the administration was considering “all of the options” to confront the threat of ransomware criminals, adding: “We’re not taking anything off the table as we think about possible repercussions, consequences or retaliation.”
The issue is also expected to be on the agenda when Biden meets with Vladimir Putin in Geneva for talks next week, amid the widely held belief that Russia “harbours some perpetrators” of major cyber assaults, The Guardian adds.
Biden wants Nato “to play a bigger role in tackling challenges facing the US from the Pacific and globally, while maintaining its foundational focus on Russia”, The Times reports.
Yet the “question of what kind of retaliation the US should launch is a fraught one”, says CNN’s Collinson.
“The cyber warfare battlefield is in the shadows, meaning there is little public evidence of actions the US may already have taken or the cathartic satisfaction of visible reprisals,” he writes.
“But any counter-attacks need to be calibrated to avoid an escalation that could not only cause a dangerous stand-off between the US and other nuclear powers but could also simply invite more attacks on US soil.”