The Biden administration is increasing its efforts to disrupt ransomware campaigns and punish the criminals who launch them.
Among the new initiatives is a new State Department program that’s being announced today offering rewards of up to $10 million for information that helps halt or punish hackers that lock up computers at vital U.S. industries and hold them for ransom.
It’s an offshoot of a program called Rewards for Justice aimed at combating international terrorism — another sign the administration is increasingly treating ransomware as a top national security threat.
The program is part of a four-pronged strategy that officials are announcing today, according to a preview from a senior administration official. It’s a response to a wave of blockbuster ransomware attacks in recent months that have disrupted U.S. gas supplies in the southeast, threatened to hinder meat supplies and wreaked havoc on hundreds of schools, local governments and small businesses.
Other elements of the strategy involve:
- Making it more difficult for ransomware gangs to transfer funds using cryptocurrency
- Urging international cooperation to combat ransomware
- Making U.S. institutions more resilient against hacking.
But don’t expect things to get better right away. The official emphasized it will be a long-haul effort and that more damaging ransomware hacks are probably on the horizon before it’s fully implemented.
“This is a problem that’s built up over a number of years and it’s not something that will be solved in a moment,” the official said. “It won’t be turned off like a light switch. But we’re looking for meaningful, meaningful progress.”
President Biden and Russian President Vladimir Putin. Biden is pressuring Putin to crack down on criminal ransomware attacks from Russian territory. (Jim Watson, Grigory Dukor/AFP/Getty Images)
The announcements are the first outcomes of a government-wide effort to crack down on ransomware launched by the White House in May.
During that time, the administration has settled on its major priorities. But a lot of details are still murky.
It’s not clear, for example, how aggressively U.S. officials are willing to go after ransomware hackers operating in Russian territory.
The Justice Department scored a big win last month when it clawed back more than $2 million that Colonial Pipeline paid to unlock its computers after an attack that disrupted gas supplies in the southeastern United States.
But such wins have been few and far between. Officials declined to answer questions about whether the recent disappearance of the REvil gang, which was responsible for the mammoth Kaseya attack over the Fourth of July weekend, was a result of U.S. actions.
“Our cyber response will continue to manifest in unseen and seen ways,” a senior administration official said. “Although we will not be in a position to provide detailed progress of all efforts, we will intermittently report on the holistic progress departments and agencies are making together to confront this years-long escalating threat.”
It’s also not clear what sort of international cooperation U.S. officials are seeking from allies — or if U.S. officials or allies will have the stomach for some of the most aggressive actions that have been suggested, such as severe sanctions on Russian Internet firms or its oil and gas sector.
One clear area of international cooperation will be increasing the transparency of cryptocurrency exchanges.
Among the announcements coming today is an international effort run by the Treasury Department focused on making it easier for law enforcement to track major cryptocurrency payments so they can stop ransoms before they reach hackers’ wallets.
Domestic efforts are somewhat clearer.
Officials are exploring how they can work with cyber insurance providers to improve digital security across critical industries.
They’re also pushing for more transparency from companies about when they’re hacked and mulling requiring such reporting from some key industries.
That move won support from many lawmakers considering a bill to mandate reporting to government about all cyber incidents affecting critical industries such as energy firms, pipelines and airports as well as from government contractors and cybersecurity companies.
“Most of the private sector critical infrastructure entities understand there’s a new relationship that has to be established,” Sen. Angus King (I-Maine) said. “This is something we have to move quickly on because the battle space is the control room of a utility or the basement of a bank.”
The Cybersecurity and Infrastructure Security Agency is also launching a new website this morning: stopransomware.gov.