In a rare move, the White House has issued an open letter to US companies, encouraging business leaders to treat ransomware risks as an urgent matter. The back-to-back attacks on major US enterprises functioned as the catalyst for this call-to-action.
The White House writes that leaders must better understand the role that they play in preventing and mitigating ransomware threats. “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” states the US National Security Council’s top cyber official, Anne Neuberger. Organizations are encouraged to reassess ransomware defenses and to ensure that they’re capable of contending with an attack.
The US has seen a concerning shift from simple data theft hacks to the deliberate disruption of public and private services. Ransomware prevention must become a core element of business operations, as opposed to a secondary consideration. Neuberger states that organizations should “immediately convene their leadership teams” to discuss the issue.
The letter’s recipients
Neuberger’s signed letter went to “key companies”. These companies regularly engage with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency regarding policies and best practices.
The White House continues to advocate for all organizations to take action around the recommendations provided in a recent cyber security-focused executive order. The executive order included details pertaining to updating systems and segmenting networks.
This week, the Biden administration has also commenced a review of national ransomware prevention practices. A group is expected to analyze the use of cryptocurrencies by cyber criminals and legal actions that could block their continued use.
According to White House press secretary, Jen Psaki, “This attack is a reminder about the importance to private sector entities of hardening their cybersecurity and ensuring they take the necessary steps to prepare for this threat, which we’ve seen rising even over the last few weeks”.
Private sector participation
White House officials state that private sector entities must have a seat at the table when it comes to mitigating national cyber security issues. The public and private sectors must closely coordinate, presenting a unified national direction.
Continued government response
“We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable,” said the FBI in a statement. “A cyber attack on one is an attack on us all.”
The White House also intends to clearly convey to the international community that responsible nations “do not harbor ransomware criminals“. In terms of potentially issuing international sanctions, at present, the White House does not intend to neglect the option.
By meeting with international leaders concerning the high-profile nature of recent ransomware attacks, Biden aims to encourage a “stable, predictable relationship”, with other G8 nations.
On Wednesday, reporters peppered Biden with questions about retaliating on nation-states that have conducted ransomware attacks. Biden’s response was “We’re looking closely at that issue”.
Global ransomware threat
Ransomware remains as a significant and serious issue for organizations worldwide. In 2020, the true cost of ransomware is estimated to have hit $42 billion.
Microsoft, Amazon, the FBI and the UK’s National Crime Agency have joined together to provide governments with more than 50 ransomware-related recommendations. “More than just money is at stake,” says the task force. Among numerous proposals, the task force indicates that governments should make reporting around payment of ransom requests mandatory for all victim organizations.