A few days ago, cyber criminals hacked into one of the largest oil pipelines in the US, which halted operations after its corporate IT network was knocked offline. If the engineers don't fix the system on their own or the owners cough up the ransom that the hackers are demanding, millions of Americans will soon feel the heat of cybercrime in their daily lives, through higher prices at the gas pump.

Who pulled off this attack, and what does it tell us about the vulnerability of critical infrastructure and the rules (or lack thereof) in cyber conflict today?

The culprit. The US government has blamed the Colonial Pipeline cyberattack on DarkSide, a relatively new group of veteran hackers from Eastern Europe famous for bragging about its exploits online, and leaking data dumps from victims who don't pay up. The DarkSiders style themselves as Robin Hoods of the hacker world, donating (a minuscule) part of their profits to global NGOs such as Children International and The Water Project. But this time they may have bitten off a bit more than they can chew.

DarkSide issued on Monday a rare apology for creating "problems" to society, insisting they only want money and are not at all interested in politics, although they do seem to avoid former Soviet bloc nations. That's common for cyber criminals based in these countries, whose governments will look the other way as long as hackers target victims outside their borders.

One of those governments is that of Russia, with a long history of outsourcing its dirty cyber work to unscrupulous hackers. Joe Biden says there's no evidence that the Kremlin was involved this time, but does have "some responsibility."

The problem. The fact that a bunch of geeks armed with laptops shut down a pipeline that serves 45 percent of America's oil refineries shows that US critical infrastructure is a lot more vulnerable to cyber-extortion than we'd like to think. And the Biden administration's $2 trillion plan to upgrade US infrastructure across the board turns cybersecurity into an even more urgent concern.

As always, the pandemic has made everything worse. Ransomware attacks — and cybercrime in general — have boomed in COVID times, largely as a result of IT systems that became more vulnerable when companies rushed to adapt them for remote access. Moreover, hackers are now targeting bigger firms for a lot more money thanks to the rise of cryptocurrencies, which make it easier for them to get paid and harder to trace.

Ransomware attacks are particularly problematic for companies and countries because they are forced to make a tough choice: pay off hackers and risk encouraging further such attacks, or hold out and take the economic or social disruption on the chin.

The response. The Colonial Pipeline hack shows how cyberattacks can do severe damage to a country by disrupting critical infrastructure. But as we've written before, these types of operations are hard to prevent, and even harder to attribute and respond to.

So far, the US government has declared a state of emergency to keep the oil flowing to the Eastern Seaboard. But at this point it can't do much more to stop the hackers, or hold them responsible for a brazen attack that would otherwise be considered an act of war against America. It can't even prevent the corporation from paying the cryptocurrency ransom.

The cybercriminal gang DarkSide is ostensibly behind the attack on the Colonial Pipeline in the US. They've said that they won't attack hospitals, but for Ian Bremmer, it's a serious problem when the only thing stopping criminals is their sense of ethics. Watch this week's Quick Take.

👉 By the way, don't miss GZERO Media's upcoming livestream discussion on cybersecurity on May 18, moderated by former US Homeland Security senior official Juliette Kayyem. Sign up here to get updates on our events.

COVID has officially killed almost 3.5 million people around the world since the beginning of the pandemic. But some public health experts believe that the real number could be more than twice as high, because of challenges to accurately reporting the death toll in many countries around the world. A new study from the University of Washington contends, for example, that actual deaths are nearly 60 percent higher than reported in the US, twice as high in India, more than four times as high in Russia... and a staggering ten times higher than the official tally in Japan. Here's a look at how official figures compare to actual estimated deaths in the 20 countries where COVID has claimed the most lives.

Israel strikes Gaza after Hamas rockets: Things escalated very quickly on Monday in Jerusalem. For weeks, violent clashes between Israeli police and Palestinians over tensions surrounding access to the Old City and Al-Aqsa Mosque, as well as an anticipated verdict in the eviction of several Palestinian families from East Jerusalem's Sheikh Jarrah neighborhood, spread throughout the city. While Israeli police used heavy force to crack down on Palestinians throwing rocks and launching fireworks, the Hamas militant group in the Gaza Strip used the clashes as a pretext to launch a barrage of rockets into Israel. Hamas usually restricts its reach to southern Israel, but this time it launched dozens of rockets into Jerusalem, causing a mass evacuation of the Knesset, Israel's parliament. Israel responded swiftly Monday by bombing the Gaza Strip, resulting in at least 24 Palestinian deaths, including nine children. Since then, Hamas has fired at least 250 rockets into Israel, including several that landed on houses in southern Israel, while Israeli forces have struck 140 targets in the Gaza Strip. For now, both sides appear to be preparing for a massive escalation, raising fears of an outright war.

Scotland's drive for indyref2: The votes are counted from last week's UK elections, and the pro-independence Scottish National Party will again dominate Scotland's parliament. Though the party fell one seat shy of an absolute majority, the pro-independence Green Party will be happy to add its eight votes in support for a second independence referendum. For now, SNP leader and Scotland's First Minister Nicola Sturgeon says COVID recovery is job one. But she also says a new independence vote is a matter of "when not if," setting up a showdown with UK Prime Minister Boris Johnson, whose approval is needed (via a majority vote in the UK Parliament) for a binding vote. Here's where the politics becomes fascinating. Today, polls suggest Scots are about evenly split on the independence issue. If Johnson tries to block them from voting, he might inadvertently increase support for breakaway. But agreeing to a vote as soon as next spring is a high-stakes roll of the dice. The question looks likely to end up in court.

"The strike continues" in Colombia: After a meeting with Colombian President Ivan Duque on Monday evening, the leaders of the protests that have rocked the country for nearly two weeks now had a simple message: "the national strike will continue." Earlier in the day, Duque made a last minute trip to Cali, Colombia's third largest city, which over the weekend was wracked by violence including a lethal flareup between indigenous protest groups and other armed civilians. While there Duque acknowledged the frustrations of Colombia's young people. Across the country, nearly two dozen people have been killed in clashes with the police since protests began over a botched tax reform last month, while strikes and roadblocks have begun to crimp food supplies in major cities. The tax bill was withdrawn, but protest leaders are now demanding broader concessions, including holding police accountable for abuses, reforms to the health and education systems, and more than 100 other specific demands including an array of measures to help Colombia's poor, protect the environment, and advance the country's stalled peace process (source in Spanish). Meetings between the federal government and various groups — local officials, unions, and activists — will continue throughout the week. But for now, protest leaders have called for another nationwide demonstration on Wednesday.

The US government is spending big these days. Following some $5 trillion to cushion the blow of the pandemic, the Biden administration is teeing up a further $4 trillion in infrastructure outlays. Some say pumping this much money into the economy risks a return to the bad old days of double-digit inflation. Are they right? Eurasia Group's Rob Kahn and Jon Lieber take a look here.

63: Multiple blasts outside a school in Kabul, Afghanistan, killed 63 people Sunday, most of whom were schoolgirls, and at least 150 were injured. The Taliban, which have vowed to wreak havoc because the US missed a May 1 deadline to fully withdraw from Afghanistan, denied involvement in the attack.

83: Around 83 percent of all COVID doses administered worldwide have been in high- and upper-middle income countries. Only 0.3 percent have been administered in low-income countries, as discussions now get underway at the World Trade Organization on whether to waive intellectual property rights for COVID vaccines.

32: After going missing in a Siberian forest last week, Alexander Murakhovsky, the Russian doctor who treated notorious Kremlin critic Alexei Navalany, has been found safe some 32 kilometers (20 miles) from the hunting base where he was last seen. Rumors circulated that Murakhovsy was the latest person to be "disappeared" by the Kremlin, after two other senior doctors who treated Navalny died suddenly late last year.