Those of you who follow the news may remember a story from early May. The Colonial Pipeline in the US – which carries 45% of the East Coast’s supply of diesel, petrol and jet fuel – was put out of action by a ransomware attack.
The hackers, an organisation called DarkSide, cheerfully acknowledged the attack and apologised to the public. “Our goal is to make money,” they said, “Not creating problems for society.” Make money they certainly appear to have done, with reports emerging a few days later that the pipeline had paid a ransom of $5m (£3.55m) to restore order.
You may also recall the Petya and NotPetya cyberattacks of 2016 and 2017, which affected countries and organisations around the world, including some NHS Trusts in the UK. According to an article in Wired, a White House report estimated the damage done by these two attacks at more than $10bn (£7.1bn).
These are, of course, sophisticated attacks run by people who – as DarkSide acknowledged – see hacking as a business. Should we therefore expect more of these “ransomware” attacks? More pertinently, what exactly is ransomware? and does it have the potential to affect your investments?
The definition is simple: ransomware is malicious software designed to block access to a computer system until a sum of money – the ransom – is paid. Payment is demanded in a cryptocurrency such as Bitcoin.
Will we see more of these attacks? It’s extremely likely.
Ransomware is fast becoming a big business and, while most of us do not own an oil pipeline, it has the potential to affect us all. Last year an attack hit Hackney Council, which put the recovery bill at £10m and estimated that some key services would take months to recover. Schools and hospitals are now routine targets for the hackers.
Could the financial services sector be a target for such attacks? The answer is that it already is, with banks, investment companies and stock exchanges around the world being hit. With so many people working from home during the pandemic – on less secure networks – the risks have only increased.
Ransomware attacks are not going away: sadly, “hacker” now appears to be a profitable career choice in some parts of the world.
Fortunately, clients’ investments are always ringfenced and, as you’d expect, the financial services sector takes the possibility of ransomware attacks extremely seriously. But it would be foolish to pretend that we are not all vulnerable: online fraud has increased significantly during the pandemic and we all need to be vigilant.