Ransomware just got very real. And it's likely to get worse

The threat of ransomware is not just to computer systems, but to the physical world, too.
Written by Steve Ranger, Global News Director

There's just been another ransomware attack, but this one could have more significant consequences than the many that have come before.

Late last week, Colonial Pipeline, which accounts for 45% of the US East Coast's fuel, was forced to shut down its operations due to a ransomware attack against its systems.

Even President Biden was briefed on the incident; it doesn't get much more high profile than that.

So will such a significant incident lead to changes in how ransomware is tackled?

Possibly, but it's worth remembering that there have been plenty of damaging and high-profile ransomware attacks, both in the US and elsewhere, without police or governments coming up with a way of tackling these gangs.

That's largely because the ransomware problem is actually a knotty set of interconnected problems, all of which defy easy solutions.

Certainly many companies need to take cybersecurity more seriously, and vendors need to focus more on selling software that is secure, and not just rushing it out to customers and (maybe) fixing it later. But forcing companies to spend money on cybersecurity with no obvious return is hard; obliging software companies to fix every fault before they ship their software would bring the industry to a halt.

Persuading police to take these cases seriously is another problem. Few forces have the expertise to tackle this sort of complicated investigation and, even if they did, tracking down the culprits is hard – and securing a conviction all but impossible. Many of these gangs operate from jurisdictions (such as Russia) that are very unlikely to hand over suspects for trial elsewhere.

And every time a victim reluctantly pays the gangs, they are making the gangs stronger, and able to take on even more ambitious attacks, even against organisations that have invested in security.

But the bigger issue is that, as we connect more and more systems to the internet, the real world becomes more at risk from threats like ransomware, which until now have only ever been a problem for the online world. That may focus the attention of governments and police a little more.

If a ransomware attack means your company loses the sales data held on a few servers, no one – apart from you and your boss – is going to be too upset. But say those servers were running the traffic lights on a busy stretch of road, or running the x-ray machines at the local hospital – then the attack has a real-world impact.

The growth of interest in smart cities is one example of how this threat could evolve. The idea behind smart cities is that by using data better we can run cities more effectively and efficiently. In practice that means using all manner of sensors and Internet of Things devices to collect information and automate processes. 

But unless this is done with security in mind, it means that when the technology goes wrong, we could have big problems. 

As the UK's cybersecurity agency the NCSC points out: "While smart cities offer significant benefits to citizens, they are also potential targets for cyberattacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed."

Any sort of security threat to smart cities could be a problem, but ransomware seems to be the leading candidate for causing chaos right now.

So will anything really change any time soon? For the ransomware gangs, having their activities brought to the attention of the President of the United States is unlikely to be a good thing, even if ransomware gangs have themselves courted publicity for their attacks in the past, as a way of putting pressure on their victims. Such a high-profile incident as this might put a bit of momentum behind efforts to tackle the problem, in the US at least.

If more funds are made available to improve the security of creaking but vital infrastructure, that will be a step in the right direction. Making it harder or even banning the payment of ransoms in this context would certainly bring short-term pain for victims but may in the longer term be a way of reducing attacks, too.

Of all the complicated problems that have allowed ransomware to flourish, it could be that the geopolitical challenge is one of the toughest to overcome. Sanctions and indictments have done little so far to stop the flood of attacks. But if the nations that still allow these gangs to operate could be persuaded that it's no longer in their interests to let them do so, that could change the situation hugely.

Still, for now it's hard to see that the threat of ransomware is going to go away any time soon. Even worse, as we put computers in charge of more of the real world around us, the problem is only likely to get worse.


The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America. 

