The White House is urging private companies to take immediate action to boost their ransomware protections after several recent high-profile cyber attacks slowed critical US supply chains, according to a new memo.
"Ransomware attacks have disrupted organizations around the world, from hospitals in Ireland, Germany and France to banks in the United States and the UK," Anne Neuberger, deputy national security adviser for cyber and emerging technology, wrote in a memo. For corporate executives and business leaders.
"The threats are serious, and they are increasing. We urge you to take these important steps to protect your organizations and the American public," she said. "The private sector has a different and important responsibility. The federal government stands ready to help you implement these best practices."
The memo comes as the world's largest beef supplier, JBS, was hacked on Sunday, forcing the company to take the system offline and shut down operations in North America and Australia, leaving some of the US meat supply. was in danger.
In less than a month, a Russian cybercrime gang hacked Colonial Pipeline, a major US fuel supplier, prompting the company to shut down pipeline activity for five days and cause gas shortages . Colonial Pipeline paid the hackers about $5 million in ransom.
In the memo, Neuberger suggested "a small number of highly impactful steps" that he said companies could take immediately to help them make "rapid progress on reducing risk".
Pipeline hack highlights urgency of cybersecurity threat against US infrastructure
May 16, 202104:41
Neuberger encouraged the private sector to adopt best practices, such as multifactor authentication and encryption aimed at addressing cyberattack vulnerabilities in the country, in an executive order President Joe Biden signed in May.
Neuberger also urged companies to back up data and keep backups offline so that they are not vulnerable to ransomware variants; updating and patching the system regularly; To create and test an incident response plan so that businesses can maintain operations in the event of an attack; and to segment the network so that corporate business functions are separated from manufacturing and production functions.
“While we have locks and alarm systems in our homes and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure that your corporate cyber security threats are protected against us.” match," Newberger wrote.
Deputy Attorney General Lisa Monaco also issued a memo on Thursday that outlined new guidelines related to reporting ransomware investigations.
“To ensure that we can build the necessary links in national and global cases and investigations, and to allow us to develop a comprehensive picture of national economic security threats, we need to increase the internal tracking of investigations and prosecutions of ransomware groups. must grow and centralize. And the infrastructure and network allow these threats to continue,” Monaco wrote.
White House Press Secretary Jen Psaki on Thursday called ransomware a "global problem" and said Biden will discuss the topic with world leaders later this month when he attends the Seven Summits and NATO summits in Europe .
Psaki said Biden would also bring up the recent hack with Russian President Vladimir Putin during his personal meeting in Geneva on June 16.
"The president's message will be that responsible states do not harbor ransomware criminals and that responsible countries must take decisive action against these ransomware networks," Saki said. "He will be a part of the discussion when he sees her in less than two weeks."
Saki said the administration continues to advise private companies not to pay ransoms because it encourages attacks.
The chairman of the House Intelligence Committee, Rep. Adam Schiff, D-California, said in an interview with MSNBC on Thursday that the U.S. More efforts are needed to protect the U.S. from cyber attacks.
"We need both to toughen our private defenses in corporate America, we need to toughen our government defenses which are still not enough," he said. “But we also, I think, need to be more on crime, disrupting, using our cyber capabilities to try and snatch some of the profitability from these groups.”