In early May, hackers shut down the computer networks of Colonial Pipeline, which supplies about 45 percent of the gasoline to the Southeastern U.S. As panic buying emptied gas stations throughout the region, Colonial paid $5 million in ransom to the intruders. Last week, the world’s largest meat producer, JBS, was forced to close slaughterhouses in the U.S., Canada, and Australia after a similar ransomware attack. Other recent attacks have targeted the New York subway system and a water treatment plant in Florida, and a wave of hacks paralyzed U.S. medical centers last year during the pandemic. Could ransomware attacks put the whole U.S. infrastructure at risk?
To Dmitri Alperovitch—the co-founder and chairman of Silverado Policy Accelerator, a nonprofit working on geopolitical cybersecurity, and the co-founder of the cybersecurity firm CrowdStrike—ransomware attacks have blighted organizations around the world for years, but the Colonial and JBS episodes have drawn new attention to the problem because of their scale. They affected tens of millions of people. Seizures of critical infrastructure like these are now one of the United States’ top national-security threats, Alperovitch says, and it’s vital that U.S. President Joe Biden confront Russian President Vladimir Putin, as Russia provides a major haven for the criminal groups behind most attacks. As Alperovitch sees it, authorities need to put political pressure on Russia and deploy financial tools to stop the flow of ransom payments, because hackers can always find a way in.
Michael Bluhm: Are ransomware attacks getting worse?
Dmitri Alperovitch: These attacks have been going on for years. They’ve been increasing in frequency. It’s just that you’ve had two high-profile ones that have had a major impact on the daily life of every American—Colonial and JBS—in a way that others have not.
But you had a huge campaign against hospitals last year, you’ve had police departments, school districts; you’ve had manufacturing plants that have been shut down over the last few years. This is not new at all. It’s just that they’re now capturing so much attention because two very high-profile ones hit the wrong targets, from a visibility perspective.
Bluhm: Is there a pattern in the choice of targets?
Alperovitch: They were chosen opportunistically, because the criminals thought that they could make money there. They’re not very discerning. Unless you’re dealing with an organization that’s very poor, they’re likely to get a ransom paid.
They’re not spending a lot of time doing upfront research on these targets. They see an opportunity, a vulnerable service somewhere, an ability to buy access, because that company may already be infected, and they go straight for it.
Bluhm: Does that mean that any organization is a potential target? Is this a threat to everybody?
Alperovitch: This is the danger here: Everyone is vulnerable. Every single industry. The D.C. police department was hit a couple of months ago. No one is immune. And it’s only a matter of time before they get to you. You need to be prepared. They’re not excluding anyone at this point.