GP Short Notes

GP Short Notes # 518, 16 May 2021

The US: Ransomware attack on Colonial Pipeline sparks fuel shortages on the east coast

What happened?
On 12 May, Colonial Pipeline restarted operations after being shut for five days due to a ransomware attack on 7 May. Colonial said in a statement: "Following this restart, it will take several days for the product delivery supply chain to return to normal." Bloomberg and the New York Times reported that the company paid USD 5 million (about 75 Bitcoin) as ransom to DarkSide, the hacking group responsible for the attack.

On 10 May, when asked about the attack in a press meet, President Biden said: "So far there is no evidence-based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia. They have some responsibility to deal with this." On the same day, the FBI released a statement on Twitter holding the group DarkSide responsible for the attack. 

On 10 May, CNBC reported the following statement issued by DarkSide on the attack: "We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future."

What is the background? 
First, the increasing intensity and frequency of ransomware attacks on the US. The victims include US government agencies, private companies, police departments and even schools and colleges. According to the New York Times, 26 government agencies have been hit by ransomware attacks so far this year. According to cybersecurity firm Emsisoft, in 2019, ransomware attacks cost the US about USD 7.5 billion.

Second, the geographic focus of cyber-attacks. The ransomware attacks of the preceding decade reveal a geographical division: while most attacks, whether state-backed or non-state, emanate from Russia (or countries that were part of the former Soviet Union) and China, the target countries are the affluent countries of Europe and North America, as well as Japan, Australia and New Zealand. In fact, this week has seen two more ransomware attacks: one on Ireland's health care system and another on Toshiba Corporation.

Third, the nature of ransomware attacks. Ransomware is a type of cyber-attack in which the victim's systems are infected with malware that encrypts their data. The hackers then demand a ransom for releasing the decryption key that the victims can use to recover their data. As organizations have started keeping back-ups of their data, ransomware attacks increasingly feature not just encryption but also theft of data, accompanied by a threat to leak it if the ransom is not paid. The US government maintains the position that organizations should not pay the ransom, as doing so encourages hackers. However, refusing to pay may turn out to be more costly than the ransom amount itself. Lastly, all payments are demanded in cryptocurrencies to avoid traceability of transactions.

Fourth, the attack and its fallout. Colonial Pipeline, which runs for 8,850 km, supplies gasoline, diesel and jet fuel to meet 45 per cent of the US east coast's requirement. The closure of the pipeline after the 7 May attack was followed by fuel shortages across the east coast States. Four States - North Carolina, Virginia, Florida and Georgia - declared a state of emergency. As panic buying surged, the price of gasoline rose to USD 3 per gallon for the first time since 2014.

What does it mean? 
First, the attack on Colonial Pipeline is part of a larger trend of increasing attacks on US-based organizations, with one difference, however: while past attacks have only had localized impacts, the one on Colonial Pipeline demonstrates that not just a powerful state actor with deep cyber capabilities but also small non-state hacker groups can pose a danger to critical infrastructure.

Second, since conventional deterrence fails in the case of cyberattacks because of the problem of attribution and the role of non-state actors, retaliation by the US will serve only limited purposes. In such a case, building strong cyber defense systems may be more fruitful.
