FBI Director Christopher Wray sounded the alarm on ransomware in stark terms by likening the challenge posed by the recent spate of damaging cyber attacks on the US to the September 11 terrorist attacks, calling for a similar response. His remarks come as officials across government have tried to step up the urgency of the response to the problem after back-to-back ransomware incidents exposed the vulnerability of critical industries in the United States.
“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said in an interview with the Wall Street Journal on Thursday. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”
“The scale of this problem is one that I think the country has to come to terms with,” he added.
Wray’s remarks reflect a developing consensus within the Biden administration that ransomware ranks among the gravest threats to national security the United States has ever faced. And it is part of a broader, all-hands effort by the White House to convince the public it has control of the situation – even as some cybersecurity experts say the executive branch is limited in what it can do unilaterally to stop the attacks.
The comments also underscore growing alarm within the highest levels of the US government following the back-to-back attacks on JBS Foods and Colonial Pipeline, which not only demonstrated the impact such attacks can have on the day-to-day lives of everyday Americans but the nation’s inability to guard against them. The Justice Department this week signaled that it plans to coordinate its anti-ransomware efforts with the same protocols as it does for terrorism and the White House issued a rare open letter to companies calling on them to treat the threat of ransomware attacks with greater urgency.
Deputy Attorney General Lisa Monaco also underlined the gravity of the problem in an interview on Friday.
“I absolutely agree we need to treat ransomware and cyberattacks like the national security threat that they are,” she told CNBC. “That’s why we need to have a national picture, and we need to bring all our tools to bear.”
“We know that indeed the most recent attacks against JBS Foods and Colonial Pipeline are linked to criminal actors, criminal groups that are known to law enforcement that have ties to Russia,” Monaco said, adding: “We cannot give any quarter and no country should be harboring criminal actors of any type.”
15,000 ransomware incidents in the last year
The United States was hit by more than 15,000 ransomware incidents against organizations last year alone, according to Brett Callow, a threat analyst at the cybersecurity firm Emsisoft. The attacks cost the US between an estimated $596 million and $2.3 billion in 2020 in ransom payments and lost productivity, Callow said. The true figures may likely be even higher, he added, because Emsisoft’s estimates only account for confirmed cases of ransomware incidents.
In the last several years, threat actors have been increasingly successful at hitting larger enterprises in newsworthy attacks, according to Callow.
Thursday’s DOJ memo directs US prosecutors to report internally all ransomware investigations they may be working on, in a move designed to better coordinate the US government’s tracking of online criminals.
The memo cites ransomware – malicious software that seizes control of a computer until the victim pays a fee – as an urgent threat to the nation’s interests.
“We must enhance and centralize our internal tracking of investigations and prosecutions of ransomware groups and the infrastructure and networks that allow these threats to persist,” Monaco wrote.
And in a letter sent out from the White House, the National Security Council’s top cyber official, Anne Neuberger, wrote to corporate executives and business leaders that the private sector needs to better understand its critical role.
“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote. “We urge you to take ransomware crime seriously and ensure your corporate cyber defense match the threat.”
US businesses of all sizes should immediately implement security measures such as creating offline backups of critical data, implementing multi-factor authentication and deploying encryption to scramble sensitive information, Neuberger said.
In the Journal interview, Wray singled out the Russian government for allowing the cyber actors that the United States and others believe are behind the recent Colonial and JBS attacks to continue operating in Russia.
“Time and time again, a huge portion of those traced back to actors in Russia. And so, if the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” Wray said.
Attacks on the agenda when Biden meets Putin
President Joe Biden will address the JBS attack as well as the increased threat of cyber attacks while meeting with Russian President Vladimir Putin later this month in Geneva, the White House has said. As he meets with other world leaders, Biden will also seek to build an international coalition against ransomware, the White House has said.
The administration is not “taking any options off the table” in response to the JBS incident, press secretary Jen Psaki said at a press briefing this week.
Those announcements follow weeks of other moves by the administration designed to show how aggressively it is confronting the threat of cybercrime and foreign hacking.
In April, the Justice Department launched an internal task force dedicated to hunting down ransomware criminals and disrupting their financial networks. The White House announced a 100-day sprint to assess the cybersecurity of the country’s electric grid, working with utilities to install monitoring technology that can scan for signs of hacking.
Biden also signed an executive order seeking to beef up digital security at US agencies, to elevate federal contractors that prioritize cybersecurity and to sanction Russia for its role in state-sponsored hacking. He also initiated a review of the US government’s approach to ransomware specifically, focusi