Biden White House lays out plan to tackle ransomware attacks

·National Security and Investigations Reporter
·5 min read
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger  speaks about the Colonial Pipeline cyber attack during the daily press briefing at the White House on May 10, 2021 in Washington, DC. (Drew Angerer/Getty Images)
Anne Neuberger, deputy national security adviser for cyber and emerging technology, at a White House press briefing on May 10. (Drew Angerer/Getty Images)

WASHINGTON — Amid an explosion of attention-grabbing ransomware attacks in recent months, the Biden administration Wednesday evening told lawmakers about its plans to confront attackers and assist victims.

Over just the last year, such attacks have cost victims — from pipeline operators to major beef suppliers — millions of dollars to unlock their stolen files.

The White House’s strategy to address the growing crime wave has multiple pieces, according to lawmakers present for the briefing and a senior administration official who previewed the plan for reporters. “This is something that has built up over a number of years, and it’s not something that will be solved in a moment,” said the senior administration official, speaking on background to reporters and outlining the approach. “We’re looking for an enduring impact. That’s the measure for us.”

Those lines of effort include actively disrupting ransomware gangs and the digital infrastructure they use to operate, as when the Department of Justice seized a cryptocurrency wallet to recover $4.4 million in extortion paid by Colonial Pipeline in May. Other measures include putting pressure on cryptocurrency exchanges to make it more challenging for criminals to covertly profit from their misdeeds, teaming up with allies overseas who are facing similar challenges, and tightening up U.S. defenses against digital compromise.

Colonial Pipeline storage tanks are seen in Woodbridge, N.J., Monday, May 10, 2021. (Seth Wenig/AP)
Colonial Pipeline storage tanks in Woodbridge, N.J. (Seth Wenig/AP)

According to sources present for the White House briefing to lawmakers, Biden’s top cybersecurity adviser on the National Security Council, Anne Neuberger, led the presentation, which focused on how vulnerabilities in digital systems pose a challenge to the United States. Ransomware is one way that criminals take advantage of that insecurity, a mode of attack that has only increased as more people have worked from home during the coronavirus pandemic. Additionally, with the rise of cryptocurrency and the increasing availability of malicious ransomware tools for anyone to purchase, the atmosphere is ripe for extortion and compromise.

On the broader cybersecurity front, the Biden administration is increasing the number of classified briefings it provides to energy and infrastructure company CEOs to help them understand the range of digital threats they face, according to one source present for the briefing.

There will also be a new ransomware task force housed at the White House, which will draft a written strategy to approach the issue. The State Department will offer reward money, up to $10 million, for information about ransomware gangs, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) launched a website to provide the public with information about the threat, similar to its 2020 presidential election disinformation debunking website. The Treasury Department will lead an effort to help law enforcement better track cryptocurrency payments as well.

Less detail was provided about efforts to disrupt or launch counterattacks against criminal hackers in cyberspace, an option many lawmakers and experts have pushed for in recent weeks but one that carries the risk of a cycle of escalation. The United States, given its level of interconnectivity through digital devices, is particularly vulnerable. However, the White House has made clear it will not hesitate to take action, including against Russia, if authorities there refuse to penalize the criminals.

US President Joe Biden prepares to shake hands with Russian President Vladimir Putin prior to the US-Russia summit at the Villa La Grange, in Geneva on June 16, 2021. (Brendan Smialowski /AFP via Getty Images)
President Biden and Russian President Vladimir Putin prior to the U.S.-Russia summit in Geneva on June 16. (Brendan Smialowski/AFP via Getty Images)

The White House declined to comment on whether the U.S. government or the Russian government took action to knock offline the prolific ransomware group REvil, a criminal gang that recently disappeared from the dark web following a wide-ranging ransomware attack over Memorial Day weekend. It’s possible the U.S. took action to disrupt the group, or Russian officials responded to urgent White House requests to pursue the criminals. However, similar to another active ransomware group called DarkSide, criminal hackers sometimes go offline to avoid further negative attention and later reassemble under a different name.

Sen. Angus King, the chair of the Cyberspace Solarium Commission and an independent from Maine, described the briefing as “thorough and professional,” noting that federal agencies such as the FBI, CISA, U.S. Cyber Command and others will be involved in carrying out the response to ransomware. “Clearly ransomware is a serious issue,” he told reporters on Wednesday evening.

Congress will also play an important role in confronting the ransomware scourge, King said, likely through different pieces of legislation. One line of effort will focus on outlining how to both protect and hold responsible companies operating critical infrastructure. “This is something we have to move on quickly,” he said.

Additionally, a proposed Cyber Diplomacy Act would establish a specific office at the State Department to lead efforts on coordinating an international strategy to approach norms and standards in cyberspace, King said.

Senator Angus King (I-ME) during the Senate Armed Services Committee hearing on Capitol Hill in Washington on May 6, 2020. Greg Nash/Pool via Reuters)
Sen. Angus King. (Greg Nash/Pool/Reuters)

Over recent weeks, Biden administration officials have continued to insist that confronting ransomware will be a long-running effort where no single line of attack will be successful. Relying fully on resilience and defense won’t work, noted Matt Hartman, a senior CISA official, during a webinar on the Biden administration’s cybersecurity strategy earlier in the week.

“We’ve had a number of interagency policy councils to discuss it,” Hartman said, referring to efforts by law enforcement, the intelligence community, diplomats and the military.

“There’s no silver bullet,” he concluded.

____

Read more from Yahoo News:

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting