The mainstream media garnered a great deal of attention for its coverage of the Colonial Pipeline incident. Few could argue with conservative firebrands such as Ben Shapiro that the failures of the Biden Administration were making 2021 look like the Jimmy Carter 1970s with images of war in the Middle East, inflation, and gas lines thanks to hackers.
And yes, Joe Biden’s handlers did manage to blame the cyberattack on “Russia” because Vladimir Putin is the left’s go-to boogeyman. But what few explained during the weeklong gas “supply crunch,” as Energy Secretary Jennifer Granholm called it, is how ransomware attacks happen and the fallout of paying the $5 million in extortion money.
Although the media enjoyed hyping the incident as an “attack,” ransomware is more akin to a kidnapping plot. Digital thieves manage to insert a virus into a computer network and seize control of everything. To unlock the network, business leaders and, sometimes, government agencies pay the ransom money on the dark web. In return, outfits like Colonial Pipeline get their assets back. It’s almost identical to kidnappers black-bagging someone and dumping them on a street corner after getting a briefcase full of cash.
The theft is not typically orchestrated by a rogue nation or “Russian Hackers” working for Putin. The perpetrators are often a group of technology nerds with hacking skills and a penchant for crime. As DarkSide, the group taking credit for the Colonial Pipeline hack, noted, they’re in it solely for the money. But the “how” in this crime should have working Americans worried.
Ransomware “attacks” primarily rely on human error. Hackers send out thousands of “phishing” emails prompting people to open them and click on a link or download a file. That link or file contains the ransomware virus. Other pathways into Colonial’s system might have included someone using a password such as “password123,” like Hillary Clinton’s former campaign manager, John Podesta. Another beauty was the recent SolarWinds hack in which an intern used “solarwinds123” and then posted the information on GitHub. The point is that someone within the Colonial Pipeline organization with access to the network probably made a foolish and avoidable mistake.
If a bunch of miscreants halfway around the world could boost $5 million from a major energy resource, that doesn’t bode well for the security of America’s critical infrastructure. That’s largely because enemy countries employ “advanced persistent threats” that make DarkSide look like amateurs.
If you were an online thief and saw how easily the U.S. energy sector could be leveraged, wouldn’t you consider American infrastructure low-hanging fruit ripe for the plucking? Now consider how prevalent ransomware incursions are, based on the following statistics.
- Ransomware attacks increased from 3.2 million in 2014 to 304 million in 2020.
- Ransomware is now the most used hacking technique, growing by more than 350 percent since 2018.
- More than 200,000 businesses had networks seized by ransomware in 2019.
- Extortion payments have increased by 171 percent, now averaging $300,000 per incident.
Given that DarkSide made international headlines by forcing Colonial and the Biden Administration to bend the knee and pay up, one can only anticipate that a tsunami of malicious emails is being sent to energy companies across the nation, as well as government agencies. Electric grids could go down, nuclear power plants will be targeted, and air traffic control systems could go offline unless bitcoin is doled out on the dark web.
Petty thieves just want to get paid and will generally release the network afterward. Iran, China, and the wide-reaching terrorist organizations who hate American freedom won’t. Those splashy headlines about the “supply crunch” and “$5 million ransom” have emboldened our enemies. They don’t need guns or bombs to cripple the U.S., just a laptop and a latte.