Explainer: Why ransomware attacks matter

The Babuk ransomware group's threat may be the most serious to date, said Brett Callow, a threat analyst and ransomware expert at the security firm Emsisoft.

“This is far worse than any hack of other police departments previously,” Callow said, adding that he's never seen a law enforcement agency pay a ransom before.

Ransomware gangs have been leaking sensitive data from victims for well over a year, but experts said they’ve not seen such aggressive new tactics used before against police departments. The cybercriminal mafias mostly operate in foreign safe havens out of the reach of Western law enforcement.

The average ransom payments last year were $310,000, up 171% from 2019, according to Palo Alto Networks.

It depends on how long the shutdown lasts. Colonial said it's likely to restore service on the majority of its pipeline by Friday.

There's no imminent shortfall, and thus no need to panic buy gasoline, said Richard Joswick, head of global oil analytics at S&P Global Platts. If the pipeline is restored by Friday, there won't be much of an issue. "If it does drag on for two weeks, it's a problem," Joswick added. "You'd wind up with price spikes and probably some service stations getting low on supply. And panic buying just makes it worse."

The average gasoline price jumped six cents to $2.96 over the past week, and it's expected to continue climbing because of the pipeline closure, according to AAA. Mississippi, Tennessee and the East Coast from Georgia to Delaware are the most likely to experience limited fuel availability and higher prices, and if the national average rises by three more cents, these would be the highest prices since November 2014, according to AAA.

The hackers are Russian speakers from DarkSide, one of dozens of ransomware gangs that specialize in double extortion, in which the criminals steal an organization's data before encrypting it. They then threaten to dump that data online if the victim doesn't pay up, creating a second disincentive to trying to recover without paying.

Ransomware gangs say they are motivated only by profit. 

They're not necessarily at greater risk, but they do pose unique challenges. The Colonial Pipeline structure is a vast piece of critical infrastructure that provides fuel supply to states along the East Coast. Such a large network is bound to have different control systems along its path where it connects with distributors or customers.

"Every single time you connect something, you run the risk that you're going to infect something," said Kevin Book, managing director at Clearview Energy Partners. That variability can also make it harder for hackers to know where to find vulnerabilities, he said.

Over time, as pipelines expand, companies can end up with a mix of technology — some parts built within the company and others brought in from outside, said Peter McNally, global sector lead at Third Bridge. Many large energy companies have been under pressure from investors to limit reinvestment in such assets, which can be decades old, he added. That can be a problem when dealing with modern criminals.

The Federal Energy Regulatory Commission has established and enforced mandatory cybersecurity standards for the bulk electric system, but there are no comparable standards for the nearly 3 million miles of natural gas, oil and hazardous liquid pipelines that traverse the United States. "Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors," said Richard Glick, chairman of the Federal Energy Regulatory Commission, and Democratic Commissioner Allison Clements, in a joint statement. They called for the U.S. to establish mandatory pipeline security standards.

WHAT CAN BE DONE TO HALT RANSOMWARE ATTACKS?

Previous attempts to put ransomware operators out of business by attacking their online infrastructure have amounted to internet whack-a-mole. The U.S. Cyber Command, Microsoft and cross-Atlantic police efforts with European partners have only been able to put a temporary dent in the problem.

Last month, a public-private task force including Microsoft, Amazon the FBI and the Secret Service gave the White House an 81-page urgent action plan that said considerable progress could be possible in a year if a concerted effort is mounted with U.S. allies, who are also under withering attack.

Some experts advocate banning ransom payments. The FBI discourages payment, but the task force said a ban would be a mistake as long as many potential targets remain "woefully unprepared," apt to go bankrupt if they can't pay. Neuberger said Monday that sometimes companies have no real choice but to pay a ransom.

The task force said ransomware actors need to be named and shamed and the governments that harbor them punished. It calls for mandatory disclosure of ransom payments and the creation of a federal "response fund" to provide financial assistance to victims in hopes that, in many cases, it will prevent them from paying ransoms.

___

Bajak reported from Boston. AP Writer Matthew Daly contributed from Washington.

US pipeline shutdown sparks worries of $3 gas

A cyberattack forced one of the top US fuel pipelines to shut down Friday, and analysts are worried the situation could result in a spike in g…

A cyberattack on a critical U.S. pipeline is sending ripple effects across the economy, highlighting cybersecurity vulnerabilities in the nation's aging energy infrastructure. The Colonial Pipeline, which delivers about 45% of the fuel used along the Eastern Seaboard, shut down Friday after a ransomware attack by gang of criminal hackers that calls itself DarkSide. Depending on how long the shutdown lasts, the incident could impact millions of consumers.

Colonial Pipeline, the owner, halted all pipeline operations over the weekend, forcing what the company called a precautionary shutdown. U.S. officials said Monday that the "ransomware" malware used in the attack didn't spread to the critical systems that control the pipeline's operation. But the mere fact that it could have done so alarmed outside security experts.