GREENSBORO, N.C. — Georgia-based Colonial Pipeline halted operations late last week, after a ransomware attack by a group of criminal hackers that calls itself DarkSide.
Officials said Monday that the ransomware used in the attack did not spread to the critical systems that control the pipeline’s operation and that the shutdown was precautionary.
In the cybersecurity world, ransomware is nothing new, but tech experts say - it's a growing threat.
Basically, this type of malware gives hackers access to your computer - locking up your files or taking your information - until you pay someone to unlock it. Hackers targeting and potentially shutting down big systems - like the power grid, hospitals, and government agencies - understand they can get big bucks for holding critical information hostage.
"Anything that affects a lot of people is the easiest way to think of this," said Ron Pierce, President of Trinity Solutions, a Greensboro IT company, "Those are the big whales, those are the ones that are going to really pay. Normally, ransom in those situations is a multi-million dollar ransom."
He said it's not just the million-dollar ransoms on the rise. Small businesses can be targets of random attacks, forced to fork over thousands in ransom. Pierce said this is due, in part, to the pandemic.
"You will see it increase. It has increased. And the pandemic did play a role in that. From a motivation standpoint, you've got people who have more free time, you've got people who are looking to recover income that was lost," he said.
"You know, you hate to say it - but it's actually an industry in a sense. It's business," said Pierce. "A lot of these people who get into the ransomware world and access it, they are looking at maybe spending $2,000 to $5,000 to buy the software to actually start it. They can turn around and make $20,000-$40,000 off of it so, if you look at it from a business standpoint - a lot of these guys are looking at it going, hey, that’s a good return on investment. It’s illegal, obviously."
Pierce says not only are the attacks becoming more frequent - they're often more malicious.
"These guys have gotten really bad, to the point where not only are they infecting computers, they are copying information up to their servers and they’re saying, okay, it’s great that you’ve got a back up - and you can get all your files back, but oh, by the way, I’ve got personal information on you and I will release that to the dark web if you don’t pay me," Pierce said.
"So, now not only are you being held hostage for your files, now you’re being blackmailed. It’s getting very nasty out there," he continued.
The majority of the time, he says the ransomware sneaks in through an infected email: someone opening a bad link, Word document, or PDF. His best advice to viewers is to review your security software and update it, if necessary.
"Don’t assume that your security software is doing its job and keeping you safe."