What's happening with cyberattacks in the US

National security adviser Jake Sullivan said the administration will address ransomware, which he called a “national security priority” at every stop of President Biden’s first foreign trip as President, saying the US hopes to see commitments from its allies on how to address cyber threats.

Pressed by CNN’s Phil Mattingly on what specific commitments the US would like to see on ransomware coming out of the G7 and NATO summits, Sullivan said he hopes there is the start of an “action plan” between the US and its allies across a number of critical areas in regards to continued ransomware threats.

“First, how to deal with the increasing the robustness and resilience of our defenses against ransomware attacks collectively. Second how to share information about the nature of the threat among our democracies. Third, how to deal with the cryptocurrency challenge which is lies at the core of how these ransom transactions are played out,” Sullivan said.

Sullivan added he wants to address how the countries at the G7 can “collectively speak with one voice to those countries, including Russia, that are harboring or permitting cyber criminals to operate from their territory.”

Some more context: In an interview with Axios, Secretary of State Antony Blinken said Biden’s meeting with Russian President Vladimir Putin is happening “not in spite of” the cyberattacks, but “because of them,” and Biden will warn Putin “directly and clearly what he can expect from the United States if aggressive, reckless actions toward us continue.”

“We will also speak in the NATO context about cyber threats, particularly as they relate to critical infrastructure, as being of a different order of magnitude of security threat that the alliance has to concern itself with a way that it hasn't historically, but it's got to become a priority going forward,” Sullivan said.

CNN reported Friday that Biden and White House officials are increasingly worried about a major attack on various sectors.

Many people think of cyberattacks as just that: an attempt by hackers to steal sensitive data or money online. But now hackers have found a significant moneymaker in targeting physical infrastructure.

These attacks have the potential to spark mayhem in people's lives, leading to product shortages, higher prices and more. The greater the disruption, the greater the likelihood that companies will pay to alleviate it.

Multiple recent ransomware attacks have originated from Russia, according to US officials. Last Wednesday, the FBI attributed the attack on meat producer JBS to Russia-based cybercriminal group called REvil, which also tried to extort Apple supplier Quanta Computer earlier this year. REvil is similar to DarkSide, the group US officials said was behind the ransomware attack that shut down the Colonial Pipeline last month.

Experts say both REvil and DarkSide operate what are essentially "ransomware-as-a-service" businesses, often employing large staffs to create tools to help others execute ransomware attacks, and taking a cut of the profits. In some cases, they also carry out their own attacks. Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere because they bring money into the country, cybersecurity experts say.

The list of potential targets is long. The US government's Cybersecurity and Infrastructure Agency (CISA) lists 16 different industries as "critical infrastructure sectors," including energy, healthcare, financial services, water, transportation, food and agriculture, the compromise of which could have a "debilitating effect" on the US economy and security. But experts say much of this infrastructure is aging, and its cyber defenses haven't kept up with the evolution of bad actors.

Read more here.

While American companies have been targeted in recent high-profile cyberattacks, individual people — anyone who uses the internet — can also be at risk.

Criminal organizations behind ransomware attacks don't care if the victim is an individual or a business, they just want to get paid. Ransomware is often obtained through social engineering — an act of someone stealing personal data by using information gleaned from their social media account — phishing emails or getting someone to click on a link on a website. It's especially prevalent on pornography and pirate websites that promise free viewing. Ransomware kits are also sold on the dark web, a part of the internet not detected by search engines where cybercriminals often sell and buy illicit materials.

So what should you do if you've fallen victim? The FBI's general guidance is that victims should not pay a ransom.

If a hacker gets a credit card number and goes on a shopping spree, a bank can often reverse the charges, but the use of cryptocurrency makes funds nearly impossible to get back. Some common malware infections can be reversed with existing cybersecurity tools but many cannot.

"Ransomware groups evolve their tactics generally when they see that cybersecurity tools can counter them," said Michela Menting, research director at ABI Research. Some security researchers have tools to decrypt ransomware, but they're not always reliable because many ransomware versions exist.

People who are hit with ransomware should treat their computer as though it's compromised even after it's been unlocked. "This is because you do not know what changes the ransomware made to the system when it was infected," Randall Magiera, cybersecurity expert and professor of information technology at Tulane University, said.

He suggested erasing the computer's hard drive and reinstalling the entire operating system rather than selecting the option that restores files.

Even though it's hard to track down the criminals and prosecute them, anyone targeted should report the crime to police officials, according to Menting. "The greater the number of incidents reported, the more visibility this provides to law enforcement, which eventually leads to bigger budget allocation for fighting it," she said.

FBI Director Christopher Wray sounded the alarm on ransomware in stark terms by likening the challenge posed by the recent spate of damaging cyber attacks on the US to the September 11 terrorist attacks, calling for a similar response. His remarks come as officials across government have tried to step up the urgency of the response to the problem after back-to-back ransomware incidents exposed the vulnerability of critical industries in the United States.

"The scale of this problem is one that I think the country has to come to terms with," he added.

Wray's remarks reflect a developing consensus within the Biden administration that ransomware ranks among the gravest threats to national security the United States has ever faced. And it is part of a broader, all-hands effort by the White House to convince the public it has control of the situation — even as some cybersecurity experts say the executive branch is limited in what it can do unilaterally to stop the attacks.