May 11, 2021 - Technology

Why companies and cities are such a juicy target for ransomware

Illustration of a fish hook surrounded by multiple cursors
Illustration: Sarah Grillo/Axios

Last weekend's ransomware attack on a major U.S. energy pipeline highlighted a growing dilemma facing U.S. companies and institutions: the more their processes go digital, the more vulnerable they are to malicious digital attacks.

Why it matters: The tech industry loves to talk up how the pandemic accelerated the pace of digital transformation, which it has. But that brings fresh risks from cyberattacks with a broad range of motivations — from hacker mischief to international espionage to financial profit, as appears to be the case with the new incident.

Catch up quick: Colonial runs the largest refined products pipeline in the country, transporting over 100 million gallons per day from Texas to the Northeast and providing roughly 45% of the region's fuel needs.

  • It was shut down on Sunday in response to a ransomware attack, and will be reopened in "an incremental process" over the course of this week, per a corporate statement.
  • Monday the FBI attributed the attack to a group called DarkSide, likely operating in Russia or eastern Europe, that specializes in attacks on for-profit companies.

Of note: DarkSide operates in a "ransomware-as-a-service" mode borrowed from the software industry's dominant business model: The group provides a set of readymade tools for its customers to employ in order to blackmail companies.

  • That makes it even harder to be sure of the attackers' identities and motives.
  • DarkSide even posted a sort-of apology for the attack, claiming that it is looking to make money, not disrupt society.

Yes, but: Companies and organizations also face threats from nation-state actors that are looking to attack infrastructure or steal secrets, and there's no easy way to draw a clear line between different kinds of attackers.

What they're saying: "I believe cybersecurity will be the issue of this decade in terms of how much worse it is going to get," IBM CEO Arvind Krishna said Monday during a briefing with reporters. "The value lies in data so people are going to come after data."

Between the lines: Companies also face a computing world that's changed from the era when they stored most of their critical information on their own servers. That didn't necessarily mean better security — often the opposite — but, arguably, more of the data was in their control.

  • These days, organizations tend to have some of their data in house, but they also rely on cloud providers like Amazon's AWS, Microsoft Azure and Google Cloud. Plus, many also rely on software-as-a-service companies like Salesforce.
  • And, even where data is stored locally, companies often rely on software from others, meaning that they are only as secure as the least secure product they rely on. Hence, the power of last winter's SolarWinds attack.

The big picture: The Colonial attack comes after a year in which cities and hospitals emerged as frequent targets.

  • Ransomware tactics force critical infrastructure providers "to choose between indefinite suspension of critical business processes or paying the ransom," says Forrester analyst Allie Mellen.

What's next: The pipeline attack came as the Biden administration is preparing a new executive order aimed at strengthening U.S. resilience in the face of new digital threats — including, per the New York Times, tighter standards for federal contractors and requirements that software makers report vulnerabilities to the government.

  • IBM's Krishna suggested the creation of a government agency with the scale of NASA's effort to put a man on the moon: "There should be a a similar public-private partnership today where you invest an equal amount of money as the inflation-adjusted NASA amount."

Go deeper: What to know about the Colonial Pipeline cyberattack

Go deeper