White House grapples with spike in ransomware attacks as cyber vulnerabilities are laid bare
A spike in ransomware attacks cutting across -- including summertime mainstays gasoline, meat and vacations -- have prompted new urgency inside the Biden administration
The attacks have laid bare for President Joe Biden and senior officialsin private-sector networks to attacks from criminal syndicates based in Russia.
They have also exposed the limits of the federal government's ability to prevent major disruptions to American life, at least based on current laws and resistance from some private firms to federal interference.
As Biden prepares for his first foreign trip, the issue is set to take an outsized role during his talks with European leaders, especially his summit with Russian President Vladimir Putin in Geneva, Switzerland.
The potential for more widespread shutdowns of various sectors, affecting more Americans or lasting for longer stretches, is a major concern inside the administration that has only grown as the ransomware attacks become more frequent, according to people familiar with the matter.
Still, the White House stopped short Friday of describing them as "national security threats."
"I certainly think the President views those as a rising national security concern," press secretary Jen Psaki said. She said the hacks were "an area where we need to continue to keep our focus, keep our assets, focus our energy and brainpower on what we can do to address it."
A delicate dance
"looking closely" at retaliating in response to a ransomware attack on a major US meat producer, which the White House swiftly identified as having been carried out by a group working from Russia.
He didn't elaborate, but administration officials and others familiar with the situation say a host of options on dismantling the Russian criminal hacking networks responsible for that attack and others is likely to be included in a "rapid strategic review" Biden ordered recently.
That includes retaliatory steps,
"We always reserve the option of responding to behavior or actions that are unacceptable and are harmful," Psaki said on Friday. "Some of those responses are seen and some of them are unseen."
The White House has described the review as focused on disrupting ransomware infrastructure, rallying support among allies to hold countries like Russia responsible for harboring hacking networks and analyzing cryptocurrency transactions to better identify criminals.
The US views the ransomware groups operating in Russia as having de facto permission from Moscow, which hasn't taken major steps to crack down on their activity. But US sanctions on Russia have become limited in their efficacy. Since the hackers are not technically sponsored by the state -- unlike those responsible for the SolarWinds attack on government agencies, according to US intelligence -- pinning responsibility on Putin himself is trickier.
Biden sought to strike a
"We do not believe the Russian government was involved in this attack," he said, "but we do have strong reason to believe that the criminals who did the attack are living in Russia."
Speaking Friday on the sidelines of an economic forum in St. Petersburg, Putin dismissed the accusations that Russia was involved at all.
"I heard about some kind of meat processing plant, some kind of nonsense," he said. "This is simply ridiculous. The pipeline is just ridiculous."
Limited options for response
Law enforcement officials, including those with experience in the federal government, said the options for preventing ransomware attacks are limited.
"This is not something that the FBI or any single agency is going to be able to solve or prevent. There's no one thing that we can do. There is no silver bullet," said Andrew McCabe, the former deputy director of the FBI and a CNN senior law enforcement analyst.
"The biggest area where government has fallen behind is imposing meaningful consequences," he added. "These actors are not going to stop and the governments -- i.e., Russia -- that give them safe harbor, that protect them, that allow them to operate from their territory, are never going to step in and stop this until the US government imposes serious impactful consequences. Beyond just sanctions, beyond tough talk. We actually have to start acting against these folks in the space that they occupy."
The White House has not provided a deadline for its review, though officials said it was being conducted urgently. Biden has told aides he believes the US government needs to be doing more, beyond an executive order that he signed last month, to protect vulnerable systems.
That order applied only to federal contractors, but officials said at the time their expectation was that private companies would follow suit.
Pleas to take ransomware more seriously
The top White House official responsible for cybersecurity, Anne Neuberger, issued a rare open letter to companies this week calling on them to treat the threat of ransomware attacks with greater urgency.
"All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location," Neuberger wrote. "We urge you to take ransomware crime seriously and ensure your corporate cyber defense matches the threat."
An attack last month on Colonial Pipeline that resulted in a run on gasoline, prompting fuel shortages along the East Coast, drove home for Biden and officials the gravity of the ransomware problem, one official familiar with the matter said. Biden was at Camp David when the hack was disclosed and received emergency updates from his national security team.
The issue had been on the President's radar previously, but the speed with which the hack caused disruptions to a major American pipeline startled the President and brought to light the enormous universe of areas that could be affected by ransomware hackers, the official said.
Ransomware represents an urgent threat to America's national and economic security, Deputy Attorney General Lisa Monaco said Friday on CNBC, calling for US businesses to cooperate more with the FBI and to disclose to law enforcement when they give in to hackers' demands for payment.
Monaco's remarks are part of a highly visible effort by the Biden administration to convince the public it is responding aggressively to the ransomware crisis, which has led to widespread disruptions in critical industries.
Her comments follow claims byand the threat of terrorism. Asked whether she agreed with Wray's characterization, Monaco stopped short of endorsing the analogy.
"I absolutely agree we need to treat ransomware and cyberattacks like the national security threat that they are," she told CNBC. "That's why we need to have a national picture, and we need to bring all our tools to bear."
As Biden prepares to embark on his first overseas trip as president, he is hoping to elevate the issue with key American allies.
His national security adviser, Jake Sullivan, brought up ransomware in phone calls this week with his German and French counterparts, according to White House statements, a reflection of the heightened urgency around the issue in the White House.
And it is expected to be a major point of discussion with Putin during the highly anticipated summit in Geneva.
"Ransomware attacks remind us that the cyber domain is prone to misperceptions and that there are dangerous escalation risks," Eric Green, senior director for Russia on the National Security Council, said on Friday during an event previewing Biden's trip at the Washington think tank Center for a New American Security.