THE US will be hit by more ransomware attacks carried out by gangs linked to foreign governments, top cybersecurity officials have warned.
America has been hit by a series of devastating hacks in recent months that have targeted national interests, including an attack on meatpacking firm JBS and the days-long shutdown of the Colonial Pipeline.
Last month, the Colonial Pipeline was shuttered for several days after its servers were breachedCredit: EPA
Meatpacking firm JBS fell victim to a ransomware attack over the weekendCredit: Getty Images – Getty
Christopher Butera, head of Threat Hunting for the Cybersecurity and Infrastructure Security Agency (CISA), said on Wednesday that ransomware has “continued to increase, especially in our state, local governments, as well as our critical instructor space.”
Speaking at a virtual summit, Butera added that hacking groups have become “more brazen”, and that they’ve “started to exfiltrate data and try to extort payments.”
“I do think we will continue to see that happen,” he warned, adding that cybersecurity reform should be top of the White House’s agenda.
Ransomware attacks have increasingly targeted American interests in recent months.
The latest hack shuttered several production plants across the country that are linked to the Brazil-based JBS, the world’s largest meat processing company.
The hack also affected plants in Canada and Australia.
Federal investigators believe the Russia-based hacking group REvil – also known as Sodinokibi – is behind the breach. They’re one of the most prolific and profitable cyber-criminal groups in the world, the FBI said.
Christopher Butera, head of Threat Hunting for the Cybersecurity and Infrastructure Security Agency said more attacks will comeCredit: Twitter
Ransomware attacks have increasignly targeted American interests in recent monthsCredit: Getty
The breach was first detected on Sunday and caused all meatpacking operations to cease until Thursday, where they have since resumed in a limited capacity.
It came just one month after a since disbanded hacking group called Darkside – who also have ties to Russia – infiltrated the Colonial Pipeline, causing the vital conduit to stop all distribution for several days on end.
The shutdown caused fuel prices to soar to a seven-year high, as panic buying set in and hundreds of gas stations in a number of states saw their reserves run completely dry.
Colonial Pipeline paid the hackers $4.4 million to relinquish control of their servers.
Butera said the government advises against paying ransoms in cyber-attacks, but says he “understands” if private companies disagree.
“The government does not advocate paying ransoms,” Butera said. “But we do understand that it is a significant, difficult decision for some of these organizations when they are put under the gun to try to manage their business operations during these times.”
The pipeline shutdown caused fuel prices to soar to a seven-year high, as panic buying set in and hundreds of gas stations in a number of states completely ran out of fuelCredit: Reuters
JBS stopped its meat packing operations from Sunday to ThursdayCredit: Getty Images – Getty
In his decision to pay Darkside, Colonial CEO Joseph Blount said he was unsure how deeply the hack had breached its systems and how long it would take to get them back online.
“I know that’s a highly controversial decision,” he told the Wall Street Journal. “
I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
“But it was the right thing to do for the country,” he added.
Resident Fellow for the American Enterprise Institute (AEI) Klon Kitchen told Fox News that paying ransoms incentivizes future attacks.
He said that there are two major problems that arise when the sum is paid: firstly, there is no guarantee a hacker will unlock the sever, and secondly, the payment sets a precedent that could encourage other groups to engage in ransomware.
Colonial CEO Joseph Blount said he was unsure how deeply the hack had breached its systemsCredit: LinkedIn
US policy needs to more directly engage with ransomware,” he urged. “We need to change the political calculus of foreign governments who allow ransomware attackers to operate with impunity within their borders.”
On Wednesday, the White House said that President Joe Biden would bring up the issue of cyber-attacks when he meets with Russian President Vladimir Putin in two weeks.
“Responsible states do not harbor ransomware criminals,” press secretary Jen Psaki said, adding that the US is “not taking any options off the table in terms of how we may respond” to future hacks.
The White House has launched a “rapid strategic review” of policies around ransomware, Psaki continues.
The press secretary said the administration would begin taking steps targeting the “disruption of ransomware infrastructure,” while working closely with the private sector.