WASHINGTON — Amid a spate of recent high-profile, costly ransomware attacks, the White House is under increased pressure to respond, leading to a high-level interagency meeting on Wednesday morning.
Over the long holiday weekend, a Russia-based cybercrime outfit called REvil claimed responsibility for infiltrating a network monitoring tool sold by software company Keseya, taking hostage files belonging to small- and medium-sized businesses in the U.S., Europe, and Asia, according to the company, demanding $70 million to unlock them all.
While ransomware has existed as a , cyber criminals have taken advantage of lowered cybersecurity protections while employees work from home during the coronavirus pandemic, as well as increasingly available commercial technologies sold by professional criminal gangs that sell ransomware tools as a service and split the profits. REvil is one of the top such criminals, responsible for 42 percent of known ransomware victims, according to cybersecurity firm Recorded Future.
The network management tool sold by Kesaya is used by hundreds of thousands of firms, suggesting the impact of the recent attack is more limited than it could have been. Even so, the scale of the attack may be unprecedented, according to cybersecurity experts. Cyber criminals have learned that targeting companies in the supply chain, whose products are used by a large number of other companies, allows them to hit the highest number of victims in the shortest amount of time, maximizing profit, though drawing perhaps unwanted attention from law enforcement and the international community.
Additionally, the attackers previously undisclosed vulnerabilities in the company’s monitoring software, rather than recycling old, previously known yet unpatched holes, demonstrating a higher level of sophistication and making it less likely the company could put up defenses in time.
Along with a recent crippling ransomware attack that halted fuel supply to the East Coast for multiple days and another on the world’s largest meat producer, the targeting of Kesaya has raised awareness of the threat posed by ransomware, leading the Biden administration to convene an interagency meeting with officials from the State Department, Pentagon, Department of Justice, and intelligence community, according to White House Press Secretary Jen Psaki.
“It is something that from day one he has made a priority and has asked his team to focus on where we can have an impact, how we can better work with the private sector, and what we can do across the federal government to help address and reduce ransomware attacks on our critical infrastructure but also on a range of entities in the United States,” Psaki said on Tuesday.
Additionally, Biden’s top cybersecurity advisor Anne Neuberger convened a virtual meeting Tuesday with local mayors around the country on cybersecurity challenges, focusing on ransomware as a main topic, according to a readout of the meeting provided by the White House.
The White House has already broadly laid out its main avenues to address the threat, including disrupting ransomware infrastructure and operators, working more closely with the private sector, partnering with allies to pressure nations that harbor cybercriminals, enhancing cryptocurrency analysis to track down bad actors, and establishing clear standards to handle ransomware payments.
Some of those efforts are already underway. For example, the Department of Justice’s new ransomware task force recently seized a large portion of the $4.4 million ransomed from Colonial Pipeline Co. in May, ultimately leading the hacking group to close up shop. However, not all payments are easily tracked, particularly if criminals use more anonymous payment systems like Monero.
In recent days, there have been increasing calls for the White House to address the threat quickly to help businesses defend against the onslaught of ransomware attacks.
While the FBI recommends that businesses not pay ransom to criminals, as it only encourages future crime, there are no clear requirements for affected companies to report a breach to the federal government or discuss a payment with the FBI. Lawmakers are currently discussing the possibility of increasing cybersecurity reporting requirements for the private sector with the White House.
Some lawmakers are also pushing for the government to strike back, using offensive cyberattacks to disrupt criminal hacking groups. President Biden has made it clear that he reserves the right to respond with its own cyberattack, though there have not been any reported disruptions to criminal networks as of yet, and it’s unclear whether additional attacks could lead to an escalatory spiral with limited impact on deterring cybercrime.
There is also pressure for President Biden to make good on his recent promise during a summit with Vladimir Putin in Geneva, Switzerland to respond to a seemingly endless stream of ransomware attacks originating from criminal groups operating in Russia. Following his meeting with the Russian president, Biden said during a press conference in Geneva that “responsible countries need to take actions against criminals who conduct ransomware activities on their territory.”
While Biden told reporters on Tuesday the government was still determining the origin of the Keseya ransomware attack, the claim of responsibility from notorious group REvil has prompted some lawmakers and cybersecurity experts to call on Biden to respond forcefully.
“If this latest attack was indeed launched at least in part from Russia, then Biden’s own strategy demands he take action,” wrote Dmitri Alperovitch, the former chief technology officer at cybersecurity firm CrowdStrike and Matthew Rojansky, the director of the Wilson Center’s Kennan Institute, . That action could include sanctions or other punitive measures, the authors suggest.
“Stopping ransomware attacks is an urgent problem with consequences for all Americans, not just big companies and tech interests. Biden was right to raise the issue with Putin in Geneva,” concluded Alperovitch and Rojansky. “Now, he has an opportunity to set the future tone by delivering a quiet but clear ultimatum and, if necessary, follow through on it.”
The Biden administration may take action before long. The White House has announced meetings with Russian representatives next week to discuss the threat of ransomware, where U.S. cybersecurity officials will likely deliver their own demands to hold cybercriminals operating in Russia responsible.
And if Russian officials fail to deliver, Biden officials may take matters into their own hands.
“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” said White House Press Secretary Jen Psaki on Tuesday.
When asked by reporters before taking off on Marine One what his message to Putin will be on the recent spate of cyberattacks, President Biden said “I will deliver it to him.”
Read more from Yahoo News: