The May 7 ransomware attack on the Colonial Pipeline “is probably the most significant ransomware attack on one of our critical infrastructures ever,” said Rep. John Katko, R-N.Y. And shortly after the pipeline was hit, the U.S. faced more ransomware attacks — targeting cities, ferries and even a meat plant.
“Although ransomware has really been around since 2013, it has not yet been seriously taken in terms of something that could impact critical infrastructure,” said Vanessa Pegueros, chief trust and security officer at OneLogin.
Ransomware, a program that hackers use to hold digital information hostage, has become criminals' malware of choice in recent years. In 2020, the total amount of ransom paid by victims reached nearly $350 million worth of cryptocurrency, a 311% increase compared with the previous year, according to Chainalysis.
“Over the last two years, it’s well into the millions, hundreds of millions of dollars from victims that we’ve come across,” said Marc Bleicher, managing director at Arete Incident Response.
Ransomware has grown into a multibillion-dollar industry. A majority of the ransom paid is shared among a relatively small number of highly organized groups of criminals with names such as Evil Corp. or DarkSide. According to Chainalysis, 199 deposit addresses received 80% of all ransoms paid in 2020, while an even smaller group, 25 addresses, accounted for nearly half.
These groups have become increasingly bold, showing off bundles of cash and fancy sports cars. That’s because tracking, arresting and bringing these hackers to justice is often incredibly difficult.
“A lot of these organizations are allowed to essentially operate freely within Russia or other former Soviet states as long as they don’t hit anybody within that country,” Bleicher said. “So unless there’s a cooperation at the political level there, I don’t see this going away anytime soon.”