White House urges businesses to step up ransomware defenses
The Biden administration is urging businesses to take "immediate steps" to increase their ransomware defenses in the wake of several high-profile cyberattacks, according to a White House memo obtained by Axios.
Why it matters: The U.S. government's former top cybersecurity official Chris Krebs has described ransomware as a "global pandemic" — a crime that is increasingly common, but highly disruptive.
Context: Cyber criminal groups have launched at least two significant ransomware attacks against major businesses in roughly a month.
- In May, a criminal group breached the Colonial Pipeline, the largest refined products pipeline network in the country. The attack forced the pipeline to shutdown, halting fuel deliveries along the East Coast for days. The company paid the hacker group $4.4 million to regain access to its computers.
- A Russia-linked ransomware group forced all of JBS SA's beef plants in the U.S. to temporarily shut down this week, exposing the vulnerability of the world's largest meat processor.
- “They went after our gas and they went after our hot dogs. No one is out of bounds here," Krebs warned on NBC's "Today" show on Wednesday.
What they're saying: "All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location," White House deputy national security adviser Anne Neuberger wrote in the memo to businesses.
- "Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat," it continues.
- Neuberger recommended that businesses enable multi-factor authentication for sensitive accounts, use endpoint detection and response tools, and encrypt and regularly back up their data.
- She also called on businesses to separate corporate business functions and manufacturing/production operations to ensure certain networks can be isolated and continue to operate in the event of an attack.
The big picture: On top of ransomware attacks, numerous U.S. businesses and organizations have also been victims of other types of cyberattacks recently.
- The major SolarWinds breach by Russian-backed hackers became public in December 2020, though the full extent of that attack is still unknown.
- In March, Microsoft discovered that at least 30,000 U.S. victims — including small businesses and local governments — had been hacked by a cyber espionage unit backed by the Chinese government.
- Microsoft also discovered last week that the same Russian hackers behind the SolarWinds breach launched another wave of cyberattacks against government agencies, think tanks, consultants and NGOs.
Go deeper: Ransomware business achieves critical mass