The Biden administration is ramping up efforts to combat ransomware, as hackers find new ways to exploit the vulnerabilities of corporations and governments for big payoffs by threatening to disrupt critical infrastructure.
The head of the FBI even likened the scale and stakes of the threat to those that emerged after the Sept. 11 terrorist attacks, emphasizing the necessity for coordinated action to combat it.
The agency is investigating about 100 types of ransomware, including many that trace back to Russian actors, FBI Director Christopher A. Wray told the Wall Street Journal in an interview published Friday, and each of those software variants — which can debilitate companies or key components of the nation’s supply chain — has targeted multiple victims throughout the U.S.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Wray said. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
Headline-grabbing cyberattacks have shifted from massive data breaches meant to embarrass and expose private information, to a coordinated extortion business. Last month, a ransomware attack on Colonial Pipeline disrupted the East Coast’s fuel infrastructure and triggered panic buying and shortages. This week, the world’s largest meat processor was forced to suspend operations in the U.S., Australia and Canada after it was hacked, sparking worries of beef and pork shortages and escalating prices.
The attacks have kicked the government’s cybersecurity efforts into overdrive.
A task force of dozens of experts from industry, government and academia called on the government and private industry to take aggressive action to combat ransomware in a wide-ranging April report, and leaders are encouraged by the early signs of actions this month.
“This is exactly the signal that needs to be sent to the ransomware criminals,” said Philip Reiner, executive director of the Ransomware Task Force and CEO of the Institute for Security and Technology. “The status quo is over. We’re not going to approach this in the same way anymore.”
On Thursday, a top White House cybersecurity official called on businesses to adapt quickly and implement security measures to defend against ransomware attacks, mirroring efforts by the federal government to secure its own systems.
“The private sector also has a critical responsibility to protect against these threats,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, wrote in the letter. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”
Neuberger urged companies to make sure their corporate and business functions are largely separate from their production operations, and to test their incident response plans.
On Friday, White House press secretary Jen Psaki said Biden intends to raise the issue of cybersecurity when he meets with Russian President Vladimir Putin at a summit in Geneva later this month.
“Of course, there is the SolarWinds hack, but also the ransomware hacks,” she said. “As we’ve talked about, the actions of criminal groups, within a country, there is a responsibility of the leaders of that country to take action. And there is no doubt President Biden will be raising that directly in that conversation.”
During his interview, Wray singled out Russia as a safe haven for hackers who deploy ransomware attacks, noting that a “huge portion” of incidents trace back to actors in Russia.
Kremlin spokesman Dmitry Peskov told the state RIA news agency that Wray’s comments appeared to be “emotionally charged,” adding that hackers exist in every country in the world.
Russia has previously denied that state-sponsored hackers launched cyberespionage campaigns against U.S. institutions.
“I have heard about some meat processing company, it's nonsense, we understand it's just laughable. A pipeline? It's nonsense, too,” Putin told state television Friday.
“It’s just laughable. But apparently, thank God, there are reasonable people who ask this question, and they ask these questions of those who are trying to provoke some new conflicts before our meeting with Biden,” Putin said in an interview with Channel One.
“Let’s see what the result of that will be. I can’t comment any more substantively than I have done,” Putin said.
President Biden has already launched a “rapid strategic review” to address the dangers of ransomware, including the creation of a global coalition to hold countries that harbor ransomware criminals accountable. The initiative builds on an executive order Biden signed last month to protect the federal government against cyberattacks — an effort that the administration would like to see extend to the private sector.
The coordinated efforts also need to address the root cause of the attacks, and bring clear cybersecurity recommendations and possibly regulations to companies, many experts emphasize.
Oren Falkowitz, co-founder of Area 1 Security, noted that most ransomware attacks begin with relatively unsophisticated “phishing” schemes, in which hackers manipulate workers, often through email, to gain access to the network. Area 1 works on preventing phishing, and Falkowitz stressed the need not just to react to big attacks but to put resources into preventing them.
“What would work is being preemptive,” he said.
Still, Reiner and other experts note that this is just a beginning. To put a stop to large-scale ransomware attacks, private companies must invest in significant cybersecurity technology, governments must set standards and criminal groups must be investigated.
Ransomware attacks have become a lucrative enterprise for bad actors, who find ways into companies’ networks through phishing or by exploiting outdated technology. Once inside, they take control of key parts of an organization’s systems and demand a ransom to unlock them.
Such attacks are extracting increasingly larger sums from individual companies. The average ransomware payment more than doubled in 2020, to $312,000, from the year before, according to the cybersecurity company Palo Alto Networks.
Hackers also are becoming more brazen with their demands. In 2021, the company said, the largest extortion amount was $50 million. That compares with $30 million in 2020 and $15 million in 2019.
Wray said that ransomware incidents have tripled in the past year, based on incoming complaints to the FBI and reports from businesses.
REvil, the hacking group that the FBI said attacked JBS, engages in “big game hunting,” said Assaf Dahan, Head of Nocturnus Threat Research at Cybereason. The hackers seek out large corporations to pull down higher fees, believing that bigger organizations have the resources to pay up and the financial and social incentives to restore their operations as soon as possible.
Hackers walked away with $4.4 million in the Colonial ransomware attack, according to chief executive Joseph Blount. Though acknowledging the payment was “highly controversial” because it might incentivize bad actors to pursue more attacks, Blount said it was “the right thing to do for the country,” given the critical importance of his company’s infrastructure.
Federal officials have linked the extortion scheme to a Russia-based group called DarkSide that researchers say has extracted $46 million in ransom payments so far this year.
The success of past attacks also plays a role, Dahan said, since potential victims are aware that the hackers aren’t bluffing.
Experts say the recent waves of high-profile ransomware attacks highlight the massive vulnerabilities in the nation’s critical infrastructure beyond the most obvious targets, like the power grid, and that securing physical structures, such as airports and warehouses, is only part of the equation.
“Most of these attacks can be prevented,” Dahan said, so long as companies and organizations are proactively working to protect their networks.