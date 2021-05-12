MOBILE, Ala. (WALA) – A cyberattack known as a ransomware attack shut down a major oil pipeline and triggered a gas panic his week. Experts say it is not just high-profile infrastructure at risk.

Eric Cole, who served as cybersecurity commissioner during Barack Obama’s administration and is the author of the upcoming book, “Cyber Crisis” told FOX10 News at the attack on the Colonial Pipeline is the tip of the iceberg.

“Unfortunately, these systems are a lot more exposed than we realize, and Colonial is not the exception,” he said. “It’s the norm so the vulnerabilities that are present here are present across most of our critical infrastructure.”

William Oppenheimer, president of Mobile-based Enveloc, said it is crucial for businesses to back up their critical systems.

“We hear about an attack at least once a week,” he said. “And some days, we hear of three attacks.”

And that’s just among Oppenheimer’s customers. Cole said companies and local governments in the United States so far this year have paid $800 million in ransoms to get control back over their hacked systems. That is more than in all of 2020 and is projected to grow to between $1.6 billion and $1.7 billion by the end of the year.

In 2019, Springhill Medical Center acknowledged it was the target of a ransomware attack. The city of Pensacola got hit that same year.

When sophisticated hackers sneak their way into a computer system, the victim often has no choice but to pay a ransom. That’s why it’s called “ransomware.”

In the Colonial Pipeline case, Cole said, all indications are that the company is paying the ransom. And he estimated it is to the tune of one to two million dollars.

Oppenheimer, a distant relative of “father of the atomic bomb” J. Robert Oppenheimer, said ransomware allows hackers to encrypt critical data. That encryption is up to government standards.

“Unless you have the key, you will not be able to decrypt it,” he said.

Oppenheimer said he has helped customers arrange to pay off hackers – often in bitcoin And the price is going up, he added. He said three or four years ago, the cost typically was about $1,000.

“Now they target people; they target hospitals; they target businesses and organizations that have got some money,” he said. “Instead of $1,000, they want $100,000 or $500,000. And the ransomware is a very sophisticated product. It knows how to traverse the local network.”

Oppenheimer said it is far preferable to pay to have a backup system like the one his company offers. That way, a targeted company and delete its system and reboot.

“It runs every night,” he said. “And the ransomware hits. We’ve got a system that disengages the local storage from the main computer so that the ransomware cannot attack the backup.”

Cole said critical infrastructure in the United States was designed long before computer attacks were a threat. They have contingencies for physical attacks but not so much for cyberattacks.

He said the attack on Colonial was unusual in that hackers did not just gain control of data by the operating systems. He said those kinds of attacks started becoming easier to gain control over started in about 2018 and 2019, as companies started putting those systems online. The work-from-home trend during the COVID-19 pandemic accelerated that transformation, he said.

Cole said merely backing up data is not a sufficient safeguard.

“The operational systems that run the power, the water, the gas, the oil, must be disconnected from the internet,” he said. “And these companies have the capability to do that. There’ll be a small performance impact, but that’s really the solution is we need to start taking real action very quickly to protect our infrastructure, as opposed to just passing more legislation.”