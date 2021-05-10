Ransomware attacks are spiking in the United States and aimed at a wide range of targets, according to cybersecurity experts in the private sector and government.

The malicious software deployed by cyberattackers requires payment in exchange for restoring access to data or systems that are being held hostage.

The average number of monthly ransomware attacks in the U.S. has shot up in the last nine months, according to data gathered by the cybersecurity firm Check Point Research. The uptick started late last year, when the FBI said it had an increase in ransomware complaints during 2020’s final months.

“In the Utilities sector in the U.S. we can see on average around 300 weekly cyberattacks [per] organization, while the global sector has around 650,” Ekram Ahmed, Check Point spokesperson, said in an email. “Furthermore, in recent weeks an average of 1 in every 88 Utilities organization in the U.S. suffered from an attempted ransomware attack, up by 34% compared to the average from the beginning of 2021.”

The spread of ransomware has coincided with the COVID-19 pandemic pushing more people online.

Brett Callow, threat analyst at software company Emsisoft, said he has observed the targets of ransomware becoming much bigger.

“In the last few years, ransomware has gone from mainly targeting [small and midsize businesses] to targeting much larger orgs, including governments and multinationals,” Mr. Callow said in an email.

Mr. Ahmed said Check Point had observed health care as the most targeted sector followed by the government. But the spread of ransomware is not limited to any one industry.

For example, the FBI on Monday formally attributed the ongoing cyberattack against Colonial Pipeline, a major supplier of U.S. fuel to “Darkside ransomware.”

The Georgia-based Colonial Pipeline Company has said it transports approximately 45% of all fuel consumed on the East Coast, including gasoline, diesel, home heating oil, jet fuel and fuel for the military.

Ransomware has also done damage at the local level, too. The Metropolitan Police Department in D.C., for example, fell victim to a ransomware attack last month as well.

“I think that what’s going on anecdotally is that attackers think that their time may be coming to an end with around the world governments thinking of cracking down more and more on these cybersecurity incidents and so they seem to be unleashing everything,” Matthew Prince, co-founder and CEO of security company Cloudflare, said on CNBC.

The U.S. federal government is among the governments reviewing its approach to cracking down on ransomware and deterring cyberattackers. Assistant Attorney General for National Security John C. Demers said last month that the Justice Department had witnessed a “very significant increase” in ransomware attacks.

The Justice Department set up a ransomware task force to review the issue with input from the national security division, criminal division, and U.S. attorneys offices, said Mr. Demers at an event hosted by the Project for Media & National Security at George Washington University in April.

Whether police, the pipeline company, and others choose to pay ransomware attackers for restored access to various data and systems remains to be seen. Depending on who is responsible for the ransomware attacks, payments could put the victims in a tricky legal situation if they run afoul of cyber-related sanctions.

Mr. Demers, however, noted last month that the Justice Department did not have a history of prosecuting many victims making hostage payments. He said prosecuting those making ransomware payments had the potential to put the government in a “more adverse posture” with the victims it may need to work alongside in the cyber realm in the future.

