Colonial Pipeline ransomware attack highlights US vulnerability: Experts
Millions of Americans on Thursday wereof the ransomware attack that led to the of one of the biggest gas pipelines on the East Coast.
While Colonial Pipeline said operations were starting to return to normal, at gas stations that haven't run out of fuel in North Carolina and other southeastern states, drivers continued to wait in lines to fill up. And for the first time in seven years, thereached $3 a gallon.
The Colonial Pipeline ransomware incident highlights the huge fallout cyberattacks can have on the country's critical infrastructure and raises new questions about why the U.S. is so vulnerable to such crippling strikes and about what's being done to keep them from happening.
Experts say ransomware attacks, in particular, have been on the rise because of how easily they can be deployed, carried out by actors ranging from enemy nations to criminal gangs.
"Cybersecurity is a problem because the cyber vulnerabilities can be exploited by very small groups with small amounts of funding, it is the ultimate asymmetric threat," Tom Bossert, homeland security adviser under Presidenttold ABC News.
The FBI said Monday that ransomware from DarkSide, a criminal organization that operates in Eastern Europe, was responsible for the Colonial Pipeline network attack.
While federal officials were still trying to determine whether a foreign nation could be involved, Russian intelligence has been known to cooperate with Eastern European cybercriminals in the past.
Prevention, Bossert said, involves remembering human beings are behind the attacks.
"We need better technical solutions on that as a group or part of a group of people trying to develop innovative solutions for better technology to prevent attacks, but there's got to be a government role in stopping the human beings that are doing the attacking," Bossert explained.
Former Assistant Secretary for Homeland Security Elizabeth Neumann, an ABC News contributor, said companies and governments need to keep pace with the growing security threat.
"There’s a lot more we can be doing with our critical infrastructure," Neumann said. “More of these systems are being digitized. Things that used to be manually operated are now being operated by computers and that of course creates vulnerability. The infrastructure in of itself is very expensive. A lot of it is decades old … because they are so underfunded, they tend to not update their IT very often.”
Neumann said the impact of future cyberattacks could be much more severe, particularly if a foreign adversary is involved.
Another expert told ABC News that such a large-scale ransomware attack was only a matter of time, given the uptick and lack of cybersecurity coordination between private companies and the government, a key point in the executive order President Joe Biden signed Wednesday evening.
"It was inevitable that we would reach a point where one of these attacks would have significant economic damage," Dmitri Alperovitch, the executive chairman at Silverado Policy Accelerator and a former CTO of CrowdStrike, said.
Hackers can successfully infiltrate a system's computer network and deploy malicious software to effectively seize control, holding hostage files or data until a ransom is paid.
"Many of these ransom operations are more about extortion than ransomware where they will steal data -- typically emails -- and threaten their release and try to embarrass companies and hopefully find -- from their perspective -- find something that these companies will really want to keep quiet, whether it's intellectual property or information on customers," Alperovitch said, "and that would increase the likelihood of actually getting ransom."
The boom in ransomware, he said, coincides with the boom in cryptocurrency.
"We have seen a huge explosion in ransomware cases in the last 10 years and really coincides with the development of cryptocurrency," he explained. "Before we had cryptocurrency there was really no way that these criminal groups could get ransoms in a pseudo-anonymous way that wouldn't be tracked back to them. Bitcoin and other cryptocurrencies have given them that opportunity."
Jim Langevin, a Rhode Island Democrat and founding member of U.S. Cyberspace Solarium Commission, told ABC News that proper funding is needed in order to further secure the nation from cyberattacks.
"We need to strengthen the system by properly funding system to develop their own inherent capabilities and expertise if a situation like this arises again," he explained.
Langevin called the ransomware attack on Colonial Pipeline one of the worst he's seen.
"It is absolutely a road map for enemies and adversaries to potentially carry out a devastating blow against our critical infrastructure and really damage not only our economy, but lead to injury or potentially loss of life," he explained. "We are not prepared. We're not ready. We need to do more. We need to step up our game."
He said public and private partnerships are needed.
"This is not a problem with respect to cybersecurity that government could solve on its own or that that private sector can solve on its own," he said. "It's going to be more of a collaboration and a partnership, sharing intelligence, sharing relevant threat information. That's what's going to get us to stronger cybersecurity."
"We need far better technical controls. We need a much better integration operationally between security vendors, companies and the United States government, and we're going to need to be careful," he said. "We need to start acting collectively together to achieve a result, otherwise we're all going to stand alone and fail all by ourselves. This is a collective problem, there are better technical solutions out there."
Biden's executive order mandates that companies that work directly with the federal government must immediately disclose a cyber breach to the federal government.
The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is responsible for protecting the nation's cyber infrastructure.
Acting CISA Director Brandon Wales laid out the agency's shortfalls before Congress this week, saying they boil down to funding and not keeping pace with fast-evolving technology.
"We're in a bit of a technology and cybersecurity deficit that we have not invested to the degree necessary over time," he told lawmakers. "The challenge in cyber is that the threats and the technology are advancing substantially. The technology that we deployed 15 years ago, needs substantial modernization to ensure that it keeps pace with the threats that we're now facing."