White House launches ransomware task force amid calls for retaliation against Russia
Washington — Following a slew of high-profile ransomware attacks, the Biden administration has formed a multi-agency government task force aimed at curtailing malicious, state-sponsored cyber activity and hardening the nation's cybersecurity defenses, as more and more of American critical infrastructure migrates online.
The weekly, cross-agency summits held by the task force have kickstarted a series of initiatives aimed at building up digital resilience among small businesses, preventing anonymized cryptocurrency platforms from being used for ransom payments and offering up to nine figures in cash rewards for information leading to the arrests of state-linked ransomware actors.
Lawmakers and private industry leaders have piled pressure on President Joe Biden as the White House contemplates more forceful retaliation in response to what U.S. officials consider Russian President Vladimir Putin's failure to curb ransomware operators. The cyberattacks that led to the days-long fuel shortage on the East Coast, halted one of America's largest beef suppliers and hamstrung thousands of businesses over the July 4th weekend have fueled calls for tougher action.
"We're looking for an enduring impact on the ransomware that's plaguing companies around the world, governments around the world," a senior administration official told reporters on Wednesday. "No one thing will achieve that."
The kitchen-sink approach to cybercrime harnesses the collective authorities and skillsets of the Departments of Justice (DOJ), Homeland Security (DHS), State and Treasury, among other agencies.
DHS' cyber arm, the Cybersecurity and Infrastructure Security Agency (CISA), will unveil a new website, stopransomware.gov, as a one-stop-shopping hub for small businesses looking for tips to boost their security and resiliency to attacks.
Government agencies led by the Department of Justice will work to halt ransom payments made through anonymized cryptocurrency platforms.
"The exploitation of virtual currency to launder ransomware proceeds is, without question, facilitating ransomware," a senior administration official told reporters. "There's inadequate international regulation of virtual currency activity, which is a key factor in how cybercriminals are able to launder their funds, demand ransomware payments, and fuel sophisticated cybercrime as a service business model."
But experts say that halting illicit transactions with virtual money, and tackling ransomware more broadly, will require intense international cooperation.
Political leaders at the latest G7 Summit in the U.K. addressed ransomware at length. They called on all nations to "urgently identify and disrupt ransomware criminal networks operating from within their borders."
But many of America's European allies continue to rely on Russian energy supplies, which may dampen calls for harsher retaliation.
The Treasury Department's Financial Crimes Enforcement Network or "FINCEN" plans to host a virtual conference on ransomware with "institutions, technology firms, third party service providers and federal government agencies to discuss ongoing concerns regarding ransomware," according to a senior administration official.
The State Department plans to commission a "Rewards for Justice" program, paying up to $10 million in cash in exchange for tips leading to the arrests of state-linked ransomware actors.
Only days after the president and lawmakers called on Russia to sanction ransomware groups targeting Americans, the "REvil" cybercriminal gang, which carried out this month's attack on American software company Kaseya, disappeared off the dark web.
Both the group's blog site and ransom negotiation portal shut down, CBS News confirmed. It remains unclear whether the U.S. or Russia disrupted REvil's online infrastructure, or if the criminals simply decided to pull back as other groups have done when they come under the scrutiny of U.S. intelligence and cybersecurity agencies.
Asked whether the U.S. government had done anything to take down REvil's websites or pressured Russia to do so, a senior administration official would only say that White House officials had "noted the disruption of the REvil infrastructure and have no further comments on that at this time."
President Biden and National Security Advisor Jake Sullivan have indicated that the U.S. government is still searching for signs that Russian President Vladimir Putin took last month's diplomatic summit in Geneva to heart.
"We're looking for meaningful, meaningful progress on ransomware, particularly that's disruptive to critical infrastructure," the senior administration official said. "So we're watching closely, and we are looking for the Russians to make progress."
During a news conference on Wednesday, Kremlin spokesperson Dmitry Peskov denied any direct knowledge or involvement in REvil's abrupt disappearance, saying he didn't "know which group has disappeared from where."
Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technology, briefed senators on the administration's plan during a 35-minute phone call on Wednesday. That call was followed later in the evening by a briefing for all House members.
While Neuberger dominated much of the call, one Senate aide said the Biden administration had gained two more notable cyber leaders: Chris Inglis was sworn in as the first-ever national cyber director last month, overseeing the national cyber strategy from the White House and, on Tuesday, following a drawn-out confirmation process, Jen Easterly began work as director of CISA, installing its first Senate-confirmed leader in more than eight months.
In their discussions with congressional leaders, the officials requested new authorities to establish mandatory cyber standards for operators of critical infrastructure, according to Senate aides.
In May, following the Colonial Pipeline hack, DHS mandated cybersecurity regulations for the nation's leading pipeline companies,. But a majority of the nation's critical infrastructure sectors — including dams, public health and agriculture — still do not impose mandatory cyber standards. Lawmaker efforts to institute mandatory cyber requirements dictated by Congress failed nearly a decade ago in the face of strong industry dissent.
The federal government's ransomware task force rollout comes as Congress considers bolstering cybersecurity funding, and debates legislation that would obligate critical infrastructure companies to report hacks directly to the federal agencies.