“US Critical Infrastructure Remains Vulnerable to Ransomware Attacks Two Years After Colonial Pipeline”


US Critical Infrastructure Remains Vulnerable to Ransomware Attacks, Experts Warn

As the second anniversary of the massive ransomware attack on Colonial Pipeline nears, experts warn that efforts to thwart the potentially debilitating threat to US critical infrastructure have not been enough. The cyberattack on its IT infrastructure forced Colonial Pipeline to shut down its entire operations for the first time ever, triggering a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency.

The incident immediately elevated ransomware to a national security level threat and galvanized concerted action from the Executive Branch down. Since the attack — and another one shortly thereafter on JBS that threatened domestic meat shortages — the US government has said it would treat the use of ransomware on critical infrastructure as terrorism.

Unfinished Business

Last year, the FBI received 2,385 ransomware complaints, of which 870 involved critical infrastructure organizations. The trend continues unabated in 2023: BlackFog’s State of Ransomware Report for April 2023 showed ransomware attacks on healthcare, government, and the health sector are continuing to grow, despite other vendor reports of a slowdown in attack volumes.

Security experts view the situation as one where for all the work done so far, there’s a lot more to do. More specific directives for critical infrastructure organizations are needed to evolve the minimum cybersecurity requirements for critical sectors. Also, enhancing standards for authentication and identity proofing to prevent ransomware incidents from occurring is essential. According to Theresa Payton, former CIO at the Executive Office of the President at the White House and CEO at Fortalice Solutions, “Critical infrastructure organizations like Colonial Pipeline should adopt zero-trust principles to prevent ransomware attacks, especially as social engineering becomes more realistic, sophisticated, persistent, and complex.”

The lack of good procedures among US infrastructure operators has exposed a resilience issue: organizations need to be able to take punches without taking too much time to recover, and to prevent fuel supply problems like those that happened with Colonial Pipeline.

Making Ransomware Attacks Costlier

Efforts to make ransomware attacks harder and costlier for attackers have been under way for the past two years. The Treasury Department used its existing Office of Foreign Assets Control (OFAC) authority to ban the use of crypto exchanges for extortion payments. The US Department of Justice has been proactive in taking down criminal infrastructure and apprehending criminals.

Going forward, the emphasis must be on defending and taking out criminal infrastructure. Identifying and sanctioning criminals for eventual capture and incarceration and prohibiting ransomware victims from making payments are some ways to prevent ransomware attacks from continuing to happen.

Ransomware Lives On

Ransomware attacks on critical infrastructure are growing, and organizations are delaying and sometimes not reporting a ransomware incident because they are concerned about potential damage to their brands, reputation, and customer relationships. This tendency to cover up ransomware incidents could complicate efforts to address the ransomware problem. Organizations must come forward to report ransomware incidents so that they can be handled quickly and correctly.

Efforts by the US Cybersecurity and Infrastructure Security Agency (CISA) to warn organizations about potential pre-ransomware threats on their networks are vital. Since the beginning of the year, CISA has already flagged over 60 organizations in the healthcare, utilities, and other sectors. Such help is especially vital since utilities and critical infrastructure continue to become more connected online, where moving to the cloud can also present some issues.

The war against ransomware on critical infrastructure is far from over. Despite the measures taken so far, more needs to be done, and critical infrastructure operators must take the necessary measures to protect against ransomware attacks. The risks are high, and failure to act promptly can result in disastrous outcomes.
