Cybersecurity News

DOJ, White House Take Aim at Critical Infrastructure Ransomware Attacks

Following disruptive ransomware attacks on NY MTA, MA Steamship Authority, and JBS Meats, the DOJ and the White House announce steps to crack down on threat actors.

Biden Administration to crack down on ransomware attacks and threat attacks, as DOJ announces requirements for US attorneys to coordinate on investigations

By Jessica Davis

- This week, the White House and the Department of Justice announced efforts to improve the coordination of investigations into ongoing ransomware attacks and data extortion efforts, while urging private sector entities to make ransomware defense a top priority.

The federal efforts come on the heels of repeated critical infrastructure attacks that have disrupted the supply chain, including SolarWinds, Accellion FTA, Colonial Pipeline, and the latest attacks on JBS Meat, Massachusetts Steamship Authority, and New York Metropolitan Transportation Authority.

Attack repercussions are rippling across the country and demanding greater defenses and coordination across entities, federal agencies, and global entities.

DOJ Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger sent a letter to all federal prosecutors on June 3, which provided guidance for coordinating investigations into all cases of ransomware or digital extortion and individuals suspected of unlawful operation of infrastructure used in these schemes, like botnets and cryptocurrency.

Stressing the role of the recently launched Ransomware and Digital Extortion Task Force in coordinating with US Attorneys General, the FBI, and other federal cybercrime departments, Neuberger initiated new requirements to combat these attacks from all sides.

Among the requirements: An urgent report must be filed in every ransomware instance or digital extortion attack reported to a US Attorney General Office, within their district. Attacks on critical infrastructure were listed as a critical priority.

Further, the DOJ placed the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) in charge of cases that fall outside of the new policies. The department will be assisted by the Executive Office for United States Attorneys in tracking down and monitoring ongoing ransomware-related incidents.

Overall, the requirements seek to drastically improve communication between all departments tasked with enforcement and cyber-related incidents to better develop lawful ways to dismantle nefarious infrastructure and attacks against US entities.

Meanwhile, the White House sent a letter to business leaders on June 2, which detailed recommended best practices to better combat the increasingly disruptive attacks. Many of which were included in the Biden Administration’s Executive Order on bolstering supply chain cybersecurity and threat sharing.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” according to the memo. “But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.”

"We urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat,” it added.

Best practice mitigations include implementing multi-factor authentication across all relevant endpoints, encrypting data wherever possible, leveraging endpoint detection and response tools, and routinely employing well-tested data backup and recovery processes.

Prompt patching and software updates, network segmentation, well-tested incident response plans, and partnering with a third-party vendor for pen testing are among other recommendations.

The Office for Civil Rights, Microsoft, and NIST have also previously provided ransomware-specific guidance that can support healthcare entities struggling with employing best practice defenses.

During a June 2 press conference, Press Secretary Jen Psaki confirmed that the ransomware task force has been evaluating the ongoing JBS cyberattack. The administration believes that the attack should serve as a reminder to private sector entities that the time to harden cybersecurity is now.

The President has also launched a rapid strategic review, focused on evaluating the increased threat posed by ransomware. As repeatedly noted, healthcare remains a prime target for these attacks.

The strategic review will work closely with the private sector to address ransomware infrastructure and threat actors in hopes of working in close coordination to better thwart these threats.

The administration also hopes to build an international coalition to hold countries accountable that harbor ransomware hackers and plans to expand the analysis of cryptocurrency to find and pursue criminal transactions. The administration’s own policies will also be reviewed.

“Obviously, ransomware attacks — we’ve seen them increase over a period of time,” said Psaki. “It’s an increasing threat to the private sector and to our critical infrastructure.  And there are other countries, many of whom we will see when the President is in Europe, who have similar concerns.”

“Harboring criminal entities that are intending to do harm, that are doing harm to the critical infrastructure in the United States is not acceptable,” she added. “We’re not going to stand by that; we will raise that, and we are not going to take options off the table.”