The Biden administration is stepping up efforts to tackle ransomware, as hackers find new ways to exploit vulnerabilities in businesses and governments for big profits by threatening to disrupt critical infrastructure.
The FBI chief even compared the scale and stakes of the threat to those that emerged after the September 11, 2001 attacks, stressing the need for coordinated action to combat it.
The agency is investigating around 100 types of ransomware, many of which can be traced to Russian actors, FBI Director Christopher Wray told The Wall Street Journal in an interview released Friday, and each of these software variants – which can weaken businesses or key components of the country’s supply chain – have targeted multiple victims across the United States
“There are a lot of parallels, there are a lot of importance and we focus a lot on disruption and prevention,” Wray said. “There is a shared responsibility, not only among government agencies, but also within the private sector and even the average American.”
The headline-grabbing cyberattacks have shifted from massive data breaches meant to embarrass and expose private information to a coordinated extortion venture. Last month, a ransomware attack on Colonial Pipeline disrupted the East Coast’s fuel infrastructure and triggered panic buying and shortages. This week, the world’s largest meat processor was forced to suspend operations in the United States, Australia and Canada after being hacked, sparking concerns over beef and pork shortages and escalating prices .
The attacks have given a boost to the government’s cybersecurity efforts.
A task force of dozens of experts from industry, government and academia called on government and the private sector to take aggressive action to tackle ransomware in a broad April report, and executives are encouraged by the first signs of action this month.
“This is exactly the signal that needs to be sent to ransomware criminals,” said Philip Reiner, executive director of the Ransomware Task Force and CEO of the Institute for Security and Technology. “The status quo is over. We’re not going to approach this the same way anymore.”
A senior White House cybersecurity official on Thursday called on businesses to adapt quickly and implement security measures to defend against ransomware attacks, mirroring the federal government’s efforts to secure its own systems .
“The private sector also has a critical responsibility to protect against these threats,” wrote Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies. “All organizations must recognize that no business is immune from being the target of ransomware, regardless of its size or location.”
Neuberger urged companies to ensure their corporate and sales functions are largely separated from their production operations and to test their incident response plans.
White House Press Secretary Jen Psaki said on Friday that President Joe Biden intends to raise the issue of cybersecurity when he meets Russian President Vladimir Putin at a summit in Geneva. later this month.
“Of course there is the SolarWinds hack, but also the ransomware hacks,” she said. “As we’ve talked about, the actions of criminal groups, in a country the leaders of that country have a responsibility to take action. And there is no doubt that President Biden will bring that up directly in this conversation.”
Wray has designated Russia as a safe haven for hackers who deploy ransomware attacks, noting that a “huge chunk” of incidents can be traced to actors in Russia.
Kremlin spokesman Dmitry Peskov told state news agency RIA that Wray’s comments appeared to be “emotionally charged,” adding that hackers exist in all countries of the world. Russia has previously denied that state-sponsored hackers have launched cyber espionage campaigns against US institutions.
“I heard about a meat processing company, it’s nonsense, we understand it’s just laughable. A pipeline? It’s nonsense too,” Putin told the state television on Friday.