Biden White House lays out plan to tackle ransomware attacks

WASHINGTON — Amid an explosion of attention-grabbing ransomware attacks in recent months, the Biden administration Wednesday evening told lawmakers about its plans to confront attackers and assist victims.

Over just the last year, such attacks have cost victims — from pipeline operators to major beef suppliers — millions of dollars to unlock their stolen files.

The White House’s strategy to address the growing crime wave has multiple pieces, according to lawmakers present for the briefing and a senior administration official who previewed the plan for reporters. “This is something that has built up over a number of years, and it’s not something that will be solved in a moment,” said the senior administration official, speaking on background to reporters and outlining the approach. “We’re looking for an enduring impact. That’s the measure for us.”

Those lines of effort include actively disrupting ransomware gangs and the digital infrastructure they use to operate, as when the Department of Justice seized a cryptocurrency wallet to recover $4.4 million in extortion paid by Colonial Pipeline in May. Other measures include putting pressure on cryptocurrency exchanges to make it more challenging for criminals to covertly profit from their misdeeds, teaming up with allies overseas who are facing similar challenges, and tightening up U.S. defenses against digital compromise.

According to sources present for the White House briefing to lawmakers, Biden’s top cybersecurity adviser on the National Security Council, Anne Neuberger, led the presentation, which focused on how vulnerabilities in digital systems pose a challenge to the United States. Ransomware is one way that criminals take advantage of that insecurity, a mode of attack that has only increased as more people have worked from home during the coronavirus pandemic. Additionally, with the rise of cryptocurrency and the increasing availability of malicious ransomware tools for anyone to purchase, the atmosphere is ripe for extortion and compromise.

On the broader cybersecurity front, the Biden administration is increasing the number of classified briefings it provides to energy and infrastructure company CEOs to help them understand the range of digital threats they face, according to one source present for the briefing.

There will also be a new ransomware task force housed at the White House, which will draft a written strategy to approach the issue. The State Department will offer reward money, up to $10 million, for information about ransomware gangs, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) launched a website to provide the public with information about the threat, similar to its 2020 presidential election disinformation debunking website. The Treasury Department will lead an effort to help law enforcement better track cryptocurrency payments as well.

Less detail was provided about efforts to disrupt or launch counterattacks against criminal hackers in cyberspace, an option many lawmakers and experts have pushed for in recent weeks but one that carries the risk of a cycle of escalation. The United States, given its level of interconnectivity through digital devices, is particularly vulnerable. However, the White House has made clear it will not hesitate to take action, including against Russia, if authorities there refuse to penalize the criminals.

The White House declined to comment on whether the U.S. government or the Russian government took action to knock offline the prolific ransomware group REvil, a criminal gang that recently disappeared from the dark web following a wide-ranging ransomware attack over Memorial Day weekend. It’s possible the U.S. took action to disrupt the group, or Russian officials responded to urgent White House requests to pursue the criminals. However, similar to another active ransomware group called DarkSide, criminal hackers sometimes go offline to avoid further negative attention and later reassemble under a different name.

Sen. Angus King, the chair of the Cyberspace Solarium Commission and an independent from Maine, described the briefing as “thorough and professional,” noting that federal agencies such as the FBI, CISA, U.S. Cyber Command and others will be involved in carrying out the response to ransomware. “Clearly ransomware is a serious issue,” he told reporters on Wednesday evening.

Congress will also play an important role in confronting the ransomware scourge, King said, likely through different pieces of legislation. One line of effort will focus on outlining how to both protect and hold responsible companies operating critical infrastructure. “This is something we have to move on quickly,” he said.

Additionally, a proposed Cyber Diplomacy Act would establish a specific office at the State Department to lead efforts on coordinating an international strategy to approach norms and standards in cyberspace, King said.

Over recent weeks, Biden administration officials have continued to insist that confronting ransomware will be a long-running effort where no single line of attack will be successful. Relying fully on resilience and defense won’t work, noted Matt Hartman, a senior CISA official, during a webinar on the Biden administration’s cybersecurity strategy earlier in the week.

“We’ve had a number of interagency policy councils to discuss it,” Hartman said, referring to efforts by law enforcement, the intelligence community, diplomats and the military.

“There’s no silver bullet,” he concluded.

____

Read more from Yahoo News:

• How Trump helped the Saudis whitewash the murder of Jamal Khashoggi

• The real measure of Justice Amy Coney Barrett will come in the next year

• NYPD’s new ‘game truck’ draws scrutiny from critics

• How do we survive extreme heat brought by climate change?