The ransomware pandemic

“We are on the cusp of a global pandemic,” said Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency, told Congress last week. The virus causing the pandemic isn’t biological, however. It’s software.

Why it matters: Crippling a major U.S. oil pipeline this weekend initially looked like an act of war — but it’s now looking like an increasingly normal crime, bought off-the-shelf from a “ransomware as a service” provider known as DarkSide.

Driving the news: Colonial runs the largest refined products pipeline in the country, transporting over 100 million gallons per day. It was shut down on Friday in response to a ransomware attack, and will be reopened in “an incremental process” over the course of this week, per a corporate statement.

That’s faster than the market expected — energy prices fell after the statement was released, after rising on the initial shutdown news.

The big picture: No company is safe from ransomware, and often the lines between criminals and state actors can be fuzzy. Preventing even bigger future attacks will require a so-far elusive degree of coordination between the public and private sectors in dozens — if not hundreds of countries.

Threat level: Very high. “Cybersecurity will be the issue of this decade in terms of how much worse it is going to get,” IBM CEO Arvind Krishna told reporters Monday.
Currently, per Forrester analyst Allie Mellen, companies’ main strategy is to pay up if hit — and to try to be slightly less vulnerable to attack than their competitors. “What do security pros do right now to lower their risk in the face of future ransomware attacks? Outrun the guy next to you,” Mellen says.

Between the lines: If anything, Colonial Pipeline was lucky that it is so important to the functioning of the American economy. Its systemic status helped to mobilize the full resources of the U.S. government, and even elicited an apology, of sorts, from DarkSide.