Hacking Pipelines and Power Plants to Demand 'Ransom'... The Threat of Ransomware [Im Ju-hyung's Tech Talk]

Ransomware attacks demanding ransom after hacking into corporate or national critical facilities are on the rise. / Photo by Yonhap News

[Asia Economy Reporter Lim Juhyung] From oil pipelines, power plants, hospitals, to even butcher shops, 'ransomware' hacking attacks on IT systems of large corporations and government agencies are rampant. Hackers leading ransomware attacks forcibly lock IT systems and demand 'ransom' payments, generating huge profits. The problem is that ransomware targets are expanding beyond simple companies to include critical national institutions. There are concerns that failure to suppress ransomware attacks in time could pose serious threats to national security and citizens' lives.

On the 7th of last month (local time), the operation of the 8,851 km-long oil pipeline 'Colonial Pipeline,' which crosses the southeastern part of the North American continent, suddenly stopped.

The reason Colonial stopped operating was a ransomware hacking attack led by the hacker criminal group 'DarkSide.' DarkSide hacked the IT system controlling the pipeline and forcibly halted its operation. DarkSide demanded 5 million dollars (about 5.5 billion KRW) worth of Bitcoin from Colonial, the company operating the pipeline, in exchange for unlocking the system.

The Colonial Pipeline is an oil pipeline delivering about 3 million barrels of oil daily from Texas to New York, serving as critical infrastructure for the United States' energy supply and refining industry. Even a single day of halted operation causes exponentially increasing damage to businesses and households.

The hacking attack on the system of Colonial Pipeline, the pipeline operator supplying 45% of the fuel consumption in the U.S. East Coast, on the 7th of last month caused a halt in fuel transportation, raising concerns about fuel supply shortages. The photo shows a gas station in North Carolina last month. / Photo by Yonhap News

The U.S. government acted immediately. The Federal Bureau of Investigation (FBI) tracked the flow of 75 Bitcoins paid by Colonial as ransom to DarkSide, located DarkSide's electronic wallet, and seized the funds. U.S. Attorney General Lisa Monaco stated at a press conference, "Today, we retaliated against DarkSide."

DarkSide's pipeline attack is the largest ransomware attack to date. Ransomware is a neologism combining 'ransom,' meaning payment demanded for release, and 'malware,' meaning malicious computer code. It refers to hacking that attacks specific institutions with viruses and demands ransom to restore normal operations.

The frequency of ransomware attacks is increasing. About three weeks after the Colonial incident, on the 30th of last month, JBS, the world's largest meat supplier, had its U.S. and Australian plants attacked by ransomware. JBS, responsible for about 20% of meat supply in the U.S. and Australia, had to pay 11 million dollars (about 1.21 billion KRW) in Bitcoin as ransom within a day after the hacking attack.

Concerns are growing as ransomware hacking targets are gradually shifting to critical national institutions. According to the U.S. financial media Wall Street Journal (WSJ) on the 9th, past ransomware attacks involved stealing data from companies holding customer information such as banks and insurance companies, but now they target companies providing essential social services like hospitals, transportation, and food companies. Because these attacks directly impact citizens' lives, hackers can demand higher ransoms.

Hackers leading ransomware attacks are increasingly shifting their targets to companies providing essential social services such as hospitals and food manufacturers. / Photo by Yonhap News

Especially, if critical infrastructure important to national industry, such as power plants and water treatment facilities essential to maintaining modern civilization, are attacked like in the Colonial case, the damage can become uncontrollable. This is why there are concerns that failure to suppress ransomware attacks in time could pose a serious threat to national security.

Experts suggest that international cooperation is necessary to effectively respond to ransomware threats.

Mark Blecher of the IT consulting firm 'Arete Advisory Group' warned in an interview with the U.S. economic media 'CNBC' on the 10th, "In the past two years, victims have sent hundreds of millions of dollars to perpetrators," indicating that ransomware attacks have already grown to an industrial scale.

According to Blecher, most hacker organizations operating ransomware hacking are headquartered in Russia or former Soviet Union countries. He claims these countries do not impose sanctions on hacking activities as long as hackers do not harm their own countries.

Blecher warned, "Therefore, unless many countries internationally unite and respond jointly to ransomware hacking, this problem will never disappear."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.