Biden administration stepping up efforts to respond to ransomware attacks

The Biden administration on Thursday will announce new cross-agency measures to address the recent major ransomware attacks on companies including Colonial Pipeline and software group Kaseya.

A senior administration official told The Hill that an interagency task force, created as part of President Biden’s directive in April for federal agencies to address ransomware attacks, has made progress in identifying and coordinating action on a range of fronts regarding ransomware concerns.

These include working to disrupt cyber criminal groups and the infrastructure responsible for ransomware attacks, building an international coalition to confront cyber threats abroad, addressing the use of cryptocurrency to pay ransoms, improving cyber hygiene and promoting the reporting of ransomware incidents. 

The task force, which the administration official said has regularly convened, is made up of law enforcement officials, members of the intelligence community, sector risk-management agencies, regulators and other agencies.

“Our cyber response will continue to manifest in unseen and seen ways,” the senior administration official said in a statement provided to The Hill. “Although we will not be in a position to provide detailed progress of all efforts, we will intermittently report on the holistic progress departments and agencies are making together to confront this years-long escalating threat.”

In addition, administration officials told reporters on a call Wednesday that the State Department will launch a financial rewards program for information on foreign state-sponsored hacking efforts targeting U.S. critical infrastructure.

The Treasury Department is also involved, with the agency’s Financial Crimes Enforcement Network set to announce Thursday that it will convene a virtual conference on ransomware later this year with groups including financial institutions and technology firms. 

The enhanced efforts come amid a huge increase in ransomware attacks against critical U.S. companies, including the attacks in May by Russian-linked cyber criminal groups on Colonial Pipeline, which provides 45 percent of the East Coast’s fuel, and on meat producer JBS USA.

The ransomware attack on Kaseya earlier this month has become one of the largest ransomware attacks in history, impacting as many as 1,500 companies, many of which were small businesses. 

The attack was linked by cybersecurity experts to Russian-based cyber criminal group REvil, which the FBI said was also behind the attack on JBS. The group’s dark web sites were taken down earlier this week, and it remained unclear Thursday who was behind the takedown.

Tensions between the U.S. and Russia have increased due to these attacks and the SolarWinds hack, which compromised nine federal agencies and was linked to the Russian government.

Biden discussed cybersecurity concerns with Russian President Vladimir Putin during their summit in Geneva last month, and called Putin last week following the Kaseya attack to urge him to take action against Russian-based cyber criminals. 

Biden in May took steps in the U.S. to promote cybersecurity, signing an executive order aimed at increasing the cybersecurity of federal agencies and federal contractors. 

Anne Neuberger, Biden’s deputy national security adviser for cyber and emerging technology, discussed the administration’s efforts to combat ransomware during a phone call with members of Congress on Wednesday afternoon.

Sen. Angus King (I-Maine), a member of the Senate Intelligence Committee, participated in the call and told reporters Wednesday night that the recent takedown of REvil websites was not discussed. 

“I’d call it a very positive call. The administration is moving forward on a number of fronts based upon the executive order that the president signed almost exactly 60 days ago, and clearly ransomware is a serious issue,” King said. 

The call took place two days after former National Security Agency Deputy Director Chris Inglis was sworn in as the nation’s first White House national cyber director, charged with helping coordinate cybersecurity between federal agencies. 

King told reporters that Inglis did not participate in the call on Wednesday. According to Politico, officials from the Cybersecurity and Infrastructure Security Agency (CISA), the Justice Department, the Treasury Department and the FBI were also on the call, with Neuberger taking the lead. 

King stressed that he saw the administration’s efforts to push back against ransomware attacks as neither “PR moves” nor “deterrence.”

“I think Vladimir Putin understands power and he understands risk, and he has to understand that this kind of conduct by the Russian state is unacceptable and will entail cost,” King said.