WASHINGTON — Amid a spate of recent high-profile, costly ransomware attacks, the White House is under increased pressure to respond, leading to a high-level interagency meeting on Wednesday morning.
Over the long holiday weekend, a Russia-based cybercrime outfit called REvil claimed responsibility for infiltrating a network-monitoring tool sold by the software company Kaseya, taking hostage files belonging to 800 to 1,500 small and medium-size businesses in the U.S., Europe and Asia, according to the company, and demanding $70 million to unlock them all.
While ransomware has existed as a means for extortion for many years, cybercriminals have taken advantage of lowered cybersecurity protections while employees work from home during the coronavirus pandemic, as well as increasingly available commercial technologies sold by professional criminal gangs that sell ransomware tools as a service and split the profits. REvil is one of the top such criminals, responsible for 42 percent of known ransomware victims, according to the cybersecurity firm Recorded Future.
The network-management tool sold by Kaseya is used by hundreds of thousands of firms, which suggests that the impact of the recent attack is more limited than it could have been. Even so, the scale of the attack may be unprecedented, according to cybersecurity experts. Cybercriminals have learned that targeting companies in the supply chain, whose products are used by a large number of other companies, allows them to hit the highest number of victims in the shortest amount of time, maximizing profit, though drawing perhaps unwanted attention from law enforcement and the international community.
Additionally, the attackers took advantage of previously undisclosed vulnerabilities in the company’s monitoring software, rather than recycling old, previously known yet unpatched holes, and thereby demonstrated a higher level of sophistication and made it less likely the company could put up defenses in time.
Along with a recent crippling ransomware attack that halted fuel supply to the East Coast for multiple days and another on the world’s largest meat producer, the targeting of Kaseya has raised awareness of the threat posed by ransomware, leading the Biden administration to convene a meeting with officials from the State Department, Pentagon, Justice Department and intelligence community, according to White House press secretary Jen Psaki.
“It is something that from day one [the president] has made a priority and has asked his team to focus on where we can have an impact, how we can better work with the private sector and what we can do across the federal government to help address and reduce ransomware attacks on our critical infrastructure but also on a range of entities in the United States,” Psaki said on Tuesday.
Additionally, Biden’s top cybersecurity adviser Anne Neuberger convened a virtual meeting Tuesday with mayors around the country on cybersecurity challenges, focusing on ransomware as a main topic, according to a readout of the meeting provided by the White House.
The White House has already broadly laid out its main avenues to address the threat, including disrupting ransomware infrastructure and operators, working more closely with the private sector, partnering with allies to pressure nations that harbor cybercriminals, enhancing cryptocurrency analysis to track down bad actors and establishing clear standards to handle ransomware payments.
Some of those efforts are already underway. For example, the Justice Department’s new ransomware task force recently seized a large portion of the $4.4 million ransomed from Colonial Pipeline Co. in May, ultimately leading the hacking group to close up shop. However, not all payments are easily tracked, particularly if criminals use more anonymous payment systems like Monero.
In recent days there have been increasing calls for the White House to address the threat quickly to help businesses defend against the onslaught of ransomware attacks.
While the FBI recommends that businesses not pay ransom to criminals, as it only encourages future crime, there are no clear requirements for affected companies to report a breach to the federal government or discuss a payment with the FBI. Lawmakers are currently considering the possibility of increasing cybersecurity reporting requirements for the private sector with the White House.
Some lawmakers are pushing for the government to strike back, using offensive cyberattacks to disrupt criminal hacking groups. Biden has made it clear that he reserves the right to respond with the government's own cyberattack, though there have not been any reported disruptions to criminal networks as of yet, and it’s unclear whether additional attacks could lead to an escalatory spiral with limited impact on deterring cybercrime.
There is also pressure for the president to make good on his recent promise during a summit with Russian President Vladimir Putin in Geneva to respond to a seemingly endless stream of ransomware attacks originating from criminal groups operating in Russia. Following his meeting with Putin, Biden said during a press conference that “responsible countries need to take actions against criminals who conduct ransomware activities on their territory.”
While Biden told reporters on Tuesday that the government was still determining the origin of the Kaseya ransomware attack, the claim of responsibility from REvil has prompted some lawmakers and cybersecurity experts to call on the president to respond forcefully.
“If this latest attack was indeed launched at least in part from Russia, then Biden’s own strategy demands he take action,” wrote Dmitri Alperovitch, the former chief technology officer at the cybersecurity firm CrowdStrike, and Matthew Rojansky, the director of the Wilson Center’s Kennan Institute, in the Washington Post. That action could include sanctions or other punitive measures, the authors suggested.
“Stopping ransomware attacks is an urgent problem with consequences for all Americans, not just big companies and tech interests. Biden was right to raise the issue with Putin in Geneva,” concluded Alperovitch and Rojansky. “Now, he has an opportunity to set the future tone by delivering a quiet but clear ultimatum and, if necessary, follow through on it.”
The Biden administration may take action before long. It has announced meetings with Russian representatives next week to discuss the threat of ransomware, where U.S. cybersecurity officials will likely deliver their own demands to hold cybercriminals operating in Russia responsible.
And if Russian officials fail to deliver, the Biden administration may take matters into its own hands.
“If the Russian government cannot or will not take action against criminal actors residing in Russia, we will take action or reserve the right to take action on our own,” said Psaki on Tuesday.
When asked by reporters before taking off on Marine One on Wednesday what his message to Putin will be on the recent spate of cyberattacks, Biden said, “I will deliver it to him.”
Read more from Yahoo News: