What a Russian cyberattack on the U.S. could look like and how it could affect you

As President Biden intensifies sanctions against Russia in response to the invasion of Ukraine, experts warn that cyberattacks against public and private targets in the United States are a possibility.

The Department of Homeland Security this week warned U.S. organizations to be prepared for a cyberattack, though DHS Secretary Alejandro Mayorkas said there is no “specific credible cyber threat” against the U.S. homeland. Officials in the U.K. issued a similar warning. Government and banking sites in Ukraine are believed to have already been hit by Russian digital attacks.

Exactly what form any hacks in the U.S. may take remains to be seen: CNN reports that the FBI warned local governments and companies to be on the watch for ransomware. Ransomware attacks, like the one that crippled the Colonial Pipeline last year—causing sporadic gasoline shortages—are typically launched by independent hackers in Russia trying to make money, not by government agents.

But ransomware groups typically operate with some tacit approval from the regime of Vladimir Putin, and the Russian government may be more tolerant of hacks on major Western targets if tensions continue to ramp up.

Since so much infrastructure is tied to networked computers that can be deliberately or unintentionally targeted by ransomware, such attacks in the past have disrupted everything from the fuel pipeline to shipping to schools and hospitals. Even attacks on Ukrainian targets could unintentionally spread malware to computers in the U.S. and other countries as happened with the NotPetya ransomware attack in 2017, which chiefly targeted Ukrainian computers but caused havoc around the world.

Banks beware

In terms of direct attacks from the Russian government, U.S. banks are a potential target, especially in light of banking-related sanctions against various Russian entities, and CNN reports that some experts have said it might not be a bad idea to have some cash on hand in case banking systems get disrupted.

It’s also a good idea for both individuals and businesses to make sure they’re taking basic cybersecurity steps with their own accounts, like using secure passwords, keeping systems updated with the latest security patches, and turning on two-factor authentication where it’s available, DHS officials are saying.

In general, a recent DHS bulletin said that while Russia could try “destructive attacks targeting critical infrastructure” in the U.S., it’s threshold for doing so “probably remains very high, and we have not observed Moscow directly employ these types of cyber attacks against U.S. critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.”

It’s unclear in what circumstances a Russian cyberattack against the U.S. or another NATO member would trigger retaliation, and Russia may not want to find out what form that retaliation would take.

There’s also the possibility of Russia targeting the U.S. with misinformation and propaganda, including via misleading social media campaigns, as it’s believed to have done in the past, including with an eye toward influencing recent elections. The U.S. Cybersecurity and Infrastructure Security Agency warned this is a possibility, Yahoo Finance reports, and pro-Russian propaganda has already been spotted in various languages, including English, on Telegram, the social platform popular in Eastern Europe.