Cybersecurity experts: more ransomware attacks could be coming

Hackers got paid millions for holding data hostage from Colonial Pipeline, and cybersecurity experts say more ransomware attacks are coming unless companies shore up their computers.  

In February hackers targeted a water treatment plant in Oldsmar, and attackers shut down Colonial Pipeline in May. Cybersecurity experts said hackers wait for their next opportunity.

"What we saw early on with ransomware is people could restore from backup, and they wouldn’t have to pay the ransom. Now the hackers have decided, ‘You know what? I’m going to incentivize you to pay that ransom by holding your data and threatening to expose you to the public, threatening to expose credit card information, personal identifiable information, healthcare information,’" said Nick Powers, executive vice president of UnComn, a business consulting firm that works on software engineering, data analytics and cybersecurity. "So now you’re seeing companies being backed into a corner and having to pay that ransom so that data isn’t released."

It can happen with schools, hospitals, banks and more, but the cost of the attack trickles down to everyday people. Cyber Florida’s staff director Ron Sanders explained how the cost is passed on when businesses don’t improve cyber infrastructure.

Colonial Pipeline hack has echoes in Oldsmar

A major pipeline that ships nearly half of the fuel in the Northeast had to shut down due to a hack this weekend. It's not clear who carried out the attack, but some say it's similar to a hack at an Oldsmar water plant.

"The people who pay the ransom, they’re going to pass on the expense of that ransom to their customers and their consumers," said Sanders. "The consumer pays for it in the end almost no matter what, all the more reason for organizations to become more cyber resilient."

A cybersecurity researcher with the firm Dragos looked at the Oldsmar ransomware attack. In a new blog post, Dragos said hackers found a way in through "a Florida water utility contractor hosting malicious code on their website." Dragos said that code was "visited by a browser from the city of Oldsmar on the same day" of the hack.

"Most organizations don’t pay attention to their contractors and yet that’s one of the most prevalent attack vectors," said Sanders.

RELATED: Colonial Pipeline sought a cyber-security manager months before hack

Experts highly recommend companies push vendors to have better security defenses. As for everyday fixes, experts said the attacks are preventable with good training on social hygiene like strong passwords, avoiding clickable links, and being wary of emails and websites with misspellings.

"It’s typically a passive thing that occurs," said Powers about ransomware attacks. "What I would just say is people just need to be more aware of what they get in their inbox."

Cyber experts said local companies and municipalities should focus on making sure their employees double-check links and emails before opening or clicking on them. The Biden administration said Tuesday cybersecurity spending will be part of its proposed American Jobs Plan.