Recent Cyberattacks Threaten To Expose U.S. Vulnerabilities

Recent cyberattacks in the United States have raised concerns about how well various private and public entities can defend against ransomware attacks by hacking groups. In the last two weeks, ransomware attacks have targeted Colonial Pipeline, causing a significant gas shortage on the East Coast, and the Metropolitan Police Department, resulting in the leak of numerous “sensitive files” onto the dark web. Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., reportedly paid nearly $5 million in ransom to regain access to its systems. The Metropolitan Police Department also received a ransom demand but refused to pay it. The leaked materials included officer disciplinary files, local intelligence reports, and various FBI and Secret Service documents regarding operations in Washington, D.C.

Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft, said that the Metropolitan attack was “possibly the most significant ransomware incident to date [in the United States].” It has sent shockwaves through the law enforcement community, as the release of officer disciplinary files and background checks has raised concerns among officers who submitted to these reports with the expectation of confidentiality. For Colonial Pipeline, the attack resulted in gas shortages that led to increased gas prices, extensive queues at filling stations, and several states declaring a state of emergency due to the shortages. Colonial Pipeline has since resumed full service, but there are still concerns about gas shortages in the upcoming weeks.

The FBI and President Joe Biden blamed the Colonial Pipeline and Metropolitan Police attacks on Darkside and Babuk, respectively, two “hacking gangs” operating out of Russia. Despite the Russian connection, President Biden stated that U.S. officials “do not believe the Russian government was involved in the attack.” Following the security breach, President Biden issued an executive order aimed at improving the United States’ defenses against cyberattacks in hopes of protecting against further attacks on critical infrastructure. In addition, the U.S. Justice Department launched an investigative task force dedicated to prosecuting hackers.

Ransomware attacks in the United States have ratcheted up in recent years, becoming an increasingly significant problem as hacking groups target critical infrastructure in hopes of receiving ransom payments in exchange for restoring access to the systems or refraining from leaking sensitive information online. Last year’s SolarWinds hack, likely the largest in U.S. history, demonstrated the serious vulnerabilities these increasingly capable groups can exploit. In 2019, hacking groups grossed a total of $350 million in ransom payments from their targets. In 2020, nearly 2,400 U.S.-based government entities, health care facilities, and educational institutes were victims of ransomware attacks. The attacks have proven to be an effective avenue for malicious groups to attack U.S. infrastructure, and experts warn that future groups that are not motivated purely by profit could potentially target hospital systems, air traffic control frequencies, or even military targets in more aggressive efforts to cause serious damage. World governments will need to stay vigilant and ensure their cybersecurity capabilities are effective and up-to-date to avoid the consequences of any future attacks.