As the ransomware threat against companies, institutions, and organizations in the U.S. becomes increasingly present and likely imminent, Joe Biden plans to take strategic action against it after elevating it to a national security priority.
Biden to set up strategies against ransomware attacks
U.S. President Joe Biden will address the growing ransomware threat by discussing the administration’s strategy in the likely case of a high-profile cyberattack with key officials.
The White House released a statement on Tuesday night calling the emerging risk a “national security and economic security priority for the administration,” and announcing that Biden will discuss the ransomware threat and ways to fight it with various agency leaders in a private meeting on Wednesday.
The Deputy National Security Advisor for Cyber and Emerging Technologies, Anne Neuberger, held a similar meeting on Tuesday, during which she discussed vulnerabilities and strategic moves with the U.S. Conference of Mayors.
Ransomware threat is real and needs immediate measures
After a massive attack over the U.S. holiday weekend compromised over 1,000 companies, with victims in at least 17 countries, the audacious growth of the ransomware threat and the urgent need to combat it became fairly obvious.
The attack was attributed to a cybercriminal group known as REvil or Sodinokibi, most likely located in Russia.
REvil (short for “Ransomware Evil”) is a private ransomware-as-a-service operation. Following an attack, REvil threatens to publish the stolen information on its page, ironically called Happy Blog, unless the ransom is paid.
REvil operates by recruiting affiliates who distribute ransomware for it. The ransomware developers and the affiliates share the revenue generated from ransom payments as part of their arrangement. The group is believed to be located in Russia because it does not target Russian organizations or those in former Soviet-bloc countries.
Cybersecurity experts say that REvil is an offshoot of a notorious but now-defunct hacker gang, GandCrab. They believe this because REvil first became active right after GandCrab’s shutdown and the two share a significant amount of code.
REvil is responsible for high-profile attacks, such as those targeting a supplier of the tech giant Apple in April this year or exploiting previously unknown weaknesses in IT management software made by Kaseya Ltd.
The victim list of the recent attacks includes local institutions, hospitals, and even cities and towns.
In the Tuesday meeting, Neuberger told the mayors that a recent pilot program to enhance the security of electric utilities would “soon be followed by similar initiatives to strengthen the cyber resilience of other critical sectors like pipelines, water, and chemicals,” said the White House. The statement did not provide further details.
She also stated that local and state governments would “have the full resources of the federal government when responding to a cyber incident, including the assistance of cybersecurity professionals from the FBI and the Cybersecurity and Infrastructure Security Agency,” the White House added.
Neuberger also stated that the strategy would include international efforts to hold responsible the nations where ransomware groups are known and proven to operate.
However, the ransomware threat continues to exist and poses a great risk to the U.S. even after Biden discussed it with Russian President Vladimir Putin at their summit in Geneva last month. Biden said he provided Putin a list of 16 critical sectors that should not be compromised by hackers; otherwise, the American government would reciprocate the attack using its own cyber force.
Joe Biden’s response to the ransomware threat was harshly criticized by House Republican Leader Kevin McCarthy, who appeared on Fox News Tuesday night.