Nearly everyone in the United States, especially those of us in the Southeast, was inundated with news about the Colonial Pipeline ransomware attack a few weeks ago. A stupid security mistake, combined with seemingly no backup procedures, brought the pipeline that delivers gasoline to much of the Gulf Coast to a complete halt for almost a week. The infrastructure issues that it created caught the attention of the Department of Justice (DoJ), leading to an increased focus on investigating these attacks.
These days, digital infrastructure is as important as, if not more important than, physical infrastructure. This is because our digital world controls the physical in every realm from gasoline to traffic lights. A cyber attack, as was evidenced during the Colonial issue, can be damaging, if not destructive, to far more people than an attack on a locale. That is the reason why the DoJ is going to treat ransomware attack investigations at a similar level to terrorist threats.
In the Colonial Pipeline case, a compromised password was all that was needed to access the critical infrastructure system and bring gasoline delivery to a standstill for tens of millions of Americans. It led to a familiar sight of panic and hoarding, though this time with gasoline instead of toilet paper and hand sanitizer. While there was no real threat this time, a different attack could wreak havoc on a large scale.
The biggest problem with ransomware attacks is that the easiest way to get past the problem is to pay the ransom. Of course, this means that the victim has emboldened the attackers and given them more resources with which to carry out future attacks. So, to protect yourself in the short run, you make it likely that someone else will be a victim later. This is the threat that the DoJ is attempting to counter by investigating these attacks with haste and strength, in order to prevent new attacks in the future.