Detail

White House Urges Companies to Build Cyber Defenses as Ransomware Attacks Increase; Commercial Facilities Cyber Working Group Sharing Information on Threats

  • June 11, 2021

 Anne Neuberger White House Deputy National Security Advisor for Cyber and Emerging Technology

The increasing frequency and size of ransomware cyberattacks on U.S. companies prompted the White House on June 2 to issue a stark warning urging businesses to take "immediate steps" to increase their ransomware defense based on the federal government’s best practices. (White House  Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, above)

A National Threat

  • Ransomware is a type of malicious computer network attack where criminals encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to the public.

  • The document from the White House's Neuberger notes, “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.” (White House, What We Urge You To Do To Protect Against The Threat of Ransomware and Readout of Neuberger Meeting)

  • In the past month, $15 million in cyber-ransom was paid to hackers in bitcoin by Colonial Pipeline and JBS USA, the world’s largest meat-processing company. The U.S. Justice Department reported on June 7 that it had retrieved $2.3 million paid by Colonial. (Axios, June 9 and CNBC, June 8)

  • In an interview with the Wall Street Journal this week, FBI Director Christopher Wray compared the challenge of countering the threat of ransomware to the 9/11 terrorist attacks and that the agency was currently investigating about 100 different types of ransomware.

  • Wray also testified on June 10 before the House Judiciary Committee that companies should not make ransomware payments to hackers but instead contact the FBI for help to restore stolen data. Wray said, “There are a whole bunch of things we can do to prevent this activity from occurring, whether they pay the ransom or not, if they communicate and coordinate with law enforcement right out of the gate. That's the most important part,” he added. (AP, June 10)

  • Additional hearings this week on ransomware and other cyber threats to infrastructure where held by the Senate Homeland Security and Governmental Affairs Committee on June 8 and the House Homeland Security Committee on June 9.

CRE and Cybersecurity

REISAC logo x475

  • The RE-ISAC has worked with InfraGard National Capital Region (InfraGardNCR) to establish the Commercial Facilities Cyber Working Group (CCWG), a virtual effort to share cyber threat intelligence. The group shares threat reports, ransomware victim examples, and other information on a regular basis. 

Resources and Reference

cybersecurity control room

For more information, contact Gate 15 Managing Director and RE-ISAC staff Andy Jabbour or The Roundtable’s RE-ISAC Executive Director and HSTF Liaison Chip Rodgers.

#  #  #