  • Oops!
    Something went wrong.
    Please try again later.

Biden White House under pressure to ramp up response to escalating ransomware attacks

Jenna McLaughlin
·National Security and Investigations Reporter
·6 min read
In this article:
  • Oops!
    Something went wrong.
    Please try again later.

WASHINGTON — Amid a spate of recent high-profile, costly ransomware attacks, the White House is under increased pressure to respond, leading to a high-level interagency meeting on Wednesday morning.

Over the long holiday weekend, a Russia-based cybercrime outfit called REvil claimed responsibility for infiltrating a network-monitoring tool sold by the software company Kaseya, taking hostage files belonging to 800 to 1,500 small and medium-size businesses in the U.S., Europe and Asia, according to the company, and demanding $70 million to unlock them all.

While ransomware has existed as a means for extortion for many years, cybercriminals have taken advantage of lowered cybersecurity protections while employees work from home during the coronavirus pandemic, as well as increasingly available commercial technologies sold by professional criminal gangs that sell ransomware tools as a service and split the profits. REvil is one of the top such criminals, responsible for 42 percent of known ransomware victims, according to the cybersecurity firm Recorded Future.

U.S. President Joe Biden speaks to members of the press prior to a Marine One departure from the South Lawn of the White House July 7, 2021 in Washington, DC. (Alex Wong/Getty Images)
President Biden speaks to the press from the South Lawn of the White House on Wednesday. (Alex Wong/Getty Images)

The network-management tool sold by Kaseya is used by hundreds of thousands of firms, which suggests that the impact of the recent attack is more limited than it could have been. Even so, the scale of the attack may be unprecedented, according to cybersecurity experts. Cybercriminals have learned that targeting companies in the supply chain, whose products are used by a large number of other companies, allows them to hit the highest number of victims in the shortest amount of time, maximizing profit, though drawing perhaps unwanted attention from law enforcement and the international community.

Additionally, the attackers took advantage of previously undisclosed vulnerabilities in the company’s monitoring software, rather than recycling old, previously known yet unpatched holes, and thereby demonstrated a higher level of sophistication and made it less likely the company could put up defenses in time.

Along with a recent crippling ransomware attack that halted fuel supply to the East Coast for multiple days and another on the world’s largest meat producer, the targeting of Kaseya has raised awareness of the threat posed by ransomware, leading the Biden administration to convene a meeting with officials from the State Department, Pentagon, Justice Department and intelligence community, according to White House press secretary Jen Psaki.

“It is something that from day one [the president] has made a priority and has asked his team to focus on where we can have an impact, how we can better work with the private sector and what we can do across the federal government to help address and reduce ransomware attacks on our critical infrastructure but also on a range of entities in the United States,” Psaki said on Tuesday.

White House Press Secretary Jen Psaki listens during a daily briefing at the James Brady Press Briefing Room of the White House July 6, 2021 in Washington, DC. (Alex Wong/Getty Images)
White House press secretary Jen Psaki at a daily briefing on Tuesday. (Alex Wong/Getty Images)

Additionally, Biden’s top cybersecurity adviser Anne Neuberger convened a virtual meeting Tuesday with mayors around the country on cybersecurity challenges, focusing on ransomware as a main topic, according to a readout of the meeting provided by the White House.

The White House has already broadly laid out its main avenues to address the threat, including disrupting ransomware infrastructure and operators, working more closely with the private sector, partnering with allies to pressure nations that harbor cybercriminals, enhancing cryptocurrency analysis to track down bad actors and establishing clear standards to handle ransomware payments.

Some of those efforts are already underway. For example, the Justice Department’s new ransomware task force recently seized a large portion of the $4.4 million ransomed from Colonial Pipeline Co. in May, ultimately leading the hacking group to close up shop. However, not all payments are easily tracked, particularly if criminals use more anonymous payment systems like Monero.

In recent days there have been increasing calls for the White House to address the threat quickly to help businesses defend against the onslaught of ransomware attacks.

While the FBI recommends that businesses not pay ransom to criminals, as it only encourages future crime, there are no clear requirements for affected companies to report a breach to the federal government or discuss a payment with the FBI. Lawmakers are currently considering the possibility of increasing cybersecurity reporting requirements for the private sector with the White House.

A Colonial Pipeline storage site in Charlotte, North Carolina on May 12, 2021. (Logan Cyrus/AFP via Getty Images)
A Colonial Pipeline storage site in Charlotte, N.C. (Logan Cyrus/AFP via Getty Images)

Some lawmakers are pushing for the government to strike back, using offensive cyberattacks to disrupt criminal hacking groups. Biden has made it clear that he reserves the right to respond with the government's own cyberattack, though there have not been any reported disruptions to criminal networks as of yet, and it’s unclear whether additional attacks could lead to an escalatory spiral with limited impact on deterring cybercrime.

There is also pressure for the president to make good on his recent promise during a summit with Russian President Vladimir Putin in Geneva to respond to a seemingly endless stream of ransomware attacks originating from criminal groups operating in Russia. Following his meeting with Putin, Biden said during a press conference that “responsible countries need to take actions against criminals who conduct ransomware activities on their territory.”

While Biden told reporters on Tuesday that the government was still determining the origin of the Kaseya ransomware attack, the claim of responsibility from REvil has prompted some lawmakers and cybersecurity experts to call on the president to respond forcefully.

“If this latest attack was indeed launched at least in part from Russia, then Biden’s own strategy demands he take action,” wrote Dmitri Alperovitch, the former chief technology officer at the cybersecurity firm CrowdStrike, and Matthew Rojansky, the director of the Wilson Center’s Kennan Institute, in the Washington Post. That action could include sanctions or other punitive measures, the authors suggested.

Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike Inc., speaks during the Milken Institute Global Conference in Beverly Hills, California, U.S., on Monday, May 1, 2017. (Patrick T. Fallon/Bloomberg via Getty Images)
Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, in 2017. (Patrick T. Fallon/Bloomberg via Getty Images)

“Stopping ransomware attacks is an urgent problem with consequences for all Americans, not just big companies and tech interests. Biden was right to raise the issue with Putin in Geneva,” concluded Alperovitch and Rojansky. “Now, he has an opportunity to set the future tone by delivering a quiet but clear ultimatum and, if necessary, follow through on it.”

The Biden administration may take action before long. It has announced meetings with Russian representatives next week to discuss the threat of ransomware, where U.S. cybersecurity officials will likely deliver their own demands to hold cybercriminals operating in Russia responsible.

And if Russian officials fail to deliver, the Biden administration may take matters into its own hands.

“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” said Psaki on Tuesday.

When asked by reporters before taking off on Marine One on Wednesday what his message to Putin will be on the recent spate of cyberattacks, Biden said, “I will deliver it to him.”

____

Read more from Yahoo News:

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting

Recommended Stories

  • Hackers demand $70M in biggest ransomware attack on record

    Yahoo Finance’s Dan Howley reports the latest on the Kaseya ransomware attack.

  • Biden: Ransomware attack 'caused minimal damage'

    President Joe Biden says the latest ransomware attack on Miami-based software company Kaseya "caused minimal damage" to U.S. businesses but information is still being gathered. Thousands of victims have been identified in at least 17 countries. (July 6)

  • The U.S. Spends Less Than Nearly Every Country on Unemployment. That's Why People Can't Get Jobs.

    Last month, an Indiana state court judge, citing possible “irreparable harm” to the unemployed, ruled Indiana must continue participation in the federal unemployment benefits program. Since a weaker than expected jobs report in April, there has been a steady drumbeat of calls to eliminate the current federal supplement of $300 a week, as well as other federal unemployment extensions, based on the presumption that these benefits dampen the unemployed’s desire to return to work. In fact, there appears to have been less job search activity in the states that have ended their use of federal unemployment benefits early.

  • Delayed election results present a boon to confusion and conspiracy theories

    A number of key U.S. election races have recently seen embarrassing lags and errors in reporting results, as the legitimacy of American elections has come under constant assault from former President Donald Trump.

  • No: 'Alarmed' Arizona rejects Biden’s door-to-door search for unvaccinated

    Arizona’s attorney general has rejected the Biden administration’s plan to go door-to-door to seek out the unvaccinated and encourage them to get the anti-COVID-19 shot.

  • Fed officials discussed potential reduction in stimulus

    Federal Reserve officials started discussing at their meeting last month the timing and mechanics of reducing their huge monthly bond purchases, which are used to keep longer-term interest rates in check. The debate, revealed in the minutes of the Fed’s June meeting released Wednesday, reflected a broadly positive outlook on the economy among Fed policymakers but also some concern that higher inflation could prove more persistent than the central bank has previously indicated. The Fed is buying $120 billion a month in Treasury securities and mortgage-backed bonds to keep longer-term interest rates low and encourage more borrowing and spending.

  • Ransomware Hackers May Be in Over Their Heads. They May Not Even Get Paid.

    Michael BorgersThe Russian-speaking gang that set off a chain reaction of ransomware attacks around the globe last Friday might be in a little over its head, experts tell The Daily Beast.The hackers, known as the REVil ransomware gang, went after Kaseya, a firm which sells software to other companies. By infiltrating Kaseya’s customers—many of which are IT providers—the hackers have also been able to hit those companies’ clients with malicious software that locks them out of their machines unles

  • Honolulu officers want charges dismissed in fatal shooting

    Three Honolulu police officers are asking a judge to dismiss charges against them in connection with a shooting that killed a 16-year-old Micronesian boy. Prosecutors pursuing charges against them after a grand jury declined to indict them “is statutorily and constitutionally impermissible,” said a motion to dismiss by Officer Zackary Ah Nee. Attorneys representing fellow Officers Geoffrey Thom and Christopher Fredeluces have joined in the motion filed Tuesday.

  • Surfside condo collapse: Death toll jumps to 46 as search for survivors enters 14th day

    The death toll in the collapse of a beachfront condo in Surfside, Fla., increased to 46 on Wednesday, after 10 more bodies were pulled from the rubble overnight.

  • Woman arrested while ordering food in McDonald's drive-thru after allegedly dragging officer

    Massachusetts police said 38-year-old Johanna Gardell hit multiple police cars and dragged an officer after stealing a truck.

  • South Carolina gov: Abortion order 'oversteps' federal power

    South Carolina's governor wants a new abortion law to take effect, arguing Wednesday that a judge's decision to put the whole measure — and not just the parts being challenged in court — on hold during a lawsuit “oversteps the bounds of federal judicial power.” Gov. Henry McMaster's brief with the 4th U.S. Circuit Court of Appeals asks appellate judges to lift a lower court's injunction on the “ South Carolina Fetal Heartbeat and Protection from Abortion Act. ” The Republican signed the measure into law earlier this year. Planned Parenthood attorneys sued immediately, and the entire law has been blocked from going into effect during the litigation.

  • Pentagon Cancels $10 Billion Contract With Microsoft

    The Department of Defense said Tuesday that it has canceled a massive contract for cloud services with Microsoft. Awarded in 2019, the Joint Enterprise Defense Infrastructure (JEDI) contract could have been worth upwards of $10 billion over 10 years. But the agreement to provide immense storage and computing power to soldiers in the field and commanders at the Pentagon was controversial from the start, with Amazon charging that the contract award was tainted by political considerations in the Tr

  • War on Biden’s anti-gun ATF nominee escalates

    The firearms industry is stepping up its fight to block President Joe Biden’s anti-gun pick to lead the ATF, turning the heat on two key fence-sitting senators.

  • Black students, faculty: UNC needs self-examination on race

    When the University of North Carolina first declined to vote on granting tenure to journalist Nikole Hannah-Jones, kicking off a protracted battle marked by allegations of racism and conservative backlash over her work examining the legacy of slavery, Black students and faculty at UNC saw yet another example of the institution's failure to welcome and support scholars and students of color. For years, Black students and faculty at UNC have expressed frustration with the way they are treated, from disproportionate scrutiny by campus police to the dearth of Black professors and staff. Without meaningful self-examination and change, they said, UNC risks its ability to recruit and retain students and faculty of color and continues to alienate its Black community.

  • McFaul: White House should ‘respond more forcefully’ to cyberattacks

    Former U.S. ambassador to Russia, Michael McFaul, says the Biden administration must respond to potential cyberattacks linked to Russia.

  • Report: Many around NBA love potential fit of Jalen Green in Houston

    Per Kelly Iko, many people around the NBA love the idea of Jalen Green in Houston, and his fit with Kevin Porter Jr. in the backcourt.

  • Courtney Barnett announces new album Things Take Time, Take Time

    It’s been a bit since we’ve gotten a new record from Courtney Barnett. The Australian singer-songwriter released Tell Me How You Really Feel back in 2018, and she released a couple of singles in 2019. But the wait for a new album will soon be over. Barnett announced her third album, Things Take Time, Take Time, is out on November 12 via Mom + Pop/Marathon Artists. In the Rolling Stone profile of Barnett, Simon Vozick-Levinson writes that Things Take Time, Take Time “might be the most personal re

  • Olympics-White House recommends rule review after Richardson ban

    (Reuters) -The White House on Wednesday said it may be worthwhile to review anti-doping rules in sport after American sprinter Sha'Carri Richardson tested positive for cannabis use. USA Track & Field (USATF) on Tuesday declined to select Richardson to the relay team for the 2020 Olympics in Tokyo after she accepted a one-month ban for the prohibited substance, which she said was to cope with her mother's death. Selection for the relay team was her only remaining hope of competing at the Games.

  • Ghislaine Maxwell's Legal Team Say She Had Similar Agreement To Bill Cosby And Should Be Released

    Accused sex trafficker Ghislane Maxwell’s legal team said late last week that her case is similar to that of Bill Cosby, as, like the recently released comedian, the socialite was covered by a 2007 non-prosecution agreement involving the now-deceased billionaire and sex offender Jeffrey Epstein. Maxwell stands accused of helping groom underage girls for Epstein, who authorities say died by suicide in a federal jail in 2019 while facing sex trafficking allegations.On Friday, her legal team claime

  • CA lawmakers to help fund wildlife crossing projects

    Every year thousands of wildlife-involved crashes create hundreds of millions of dollars in damage and lives lost for animals. New wildlife crossings in California could help with those issues.