What's happening with cyberattacks in the US

By Mike Hayes, Melissa Macaya, Melissa Mahtani, Veronica Rocha and Meg Wagner, CNN

Updated 7:36 p.m. ET, June 7, 2021
1:47 p.m. ET, June 7, 2021

Ransomware will be addressed at every stop of Biden's foreign trip, White House official says

From CNN's Jason Hoffman

National Security Advisor Jake Sullivan talks to reporters during the daily news conference in the Brady Press Briefing Room at the White House on June 7 in Washington, DC. Chip Somodevilla/Getty Images

National security adviser Jake Sullivan said the administration will address ransomware, which he called a “national security priority,” at every stop of President Biden’s first foreign trip as President, saying the US hopes to see commitments from its allies on how to address cyber threats.

“Ransomware is a national security priority, particularly as it relates to ransomware attacks on critical infrastructure in the United States, and we will treat it as such in the G7, we will treat it as such at every stop along the way on this trip,” Sullivan said at Monday’s White House press briefing.

Pressed by CNN’s Phil Mattingly on what specific commitments the US would like to see on ransomware coming out of the G7 and NATO summits, Sullivan said he hopes there is the start of an “action plan” between the US and its allies across a number of critical areas with regard to continued ransomware threats.

“First, how to deal with increasing the robustness and resilience of our defenses against ransomware attacks collectively. Second, how to share information about the nature of the threat among our democracies. Third, how to deal with the cryptocurrency challenge which lies at the core of how these ransom transactions are played out,” Sullivan said.

Sullivan added he wants to address how the countries at the G7 can “collectively speak with one voice to those countries, including Russia, that are harboring or permitting cyber criminals to operate from their territory.”

Some more context: In an interview with Axios, Secretary of State Antony Blinken said Biden’s meeting with Russian President Vladimir Putin is happening “not in spite of” the cyberattacks, but “because of them,” and Biden will warn Putin “directly and clearly what he can expect from the United States if aggressive, reckless actions toward us continue.”

“We will also speak in the NATO context about cyber threats, particularly as they relate to critical infrastructure, as being of a different order of magnitude of security threat that the alliance has to concern itself with a way that it hasn't historically, but it's got to become a priority going forward,” Sullivan said.

CNN reported Friday that Biden and White House officials are increasingly worried about a major attack on various sectors.

12:22 p.m. ET, June 7, 2021

Why hackers are targeting physical infrastructure

From CNN's Rishi Iyengar and Clare Duffy

Fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station on May 13 in Woodbine, Maryland. Drew Angerer/Getty Images

Many people think of cyberattacks as just that: an attempt by hackers to steal sensitive data or money online. But now hackers have found a significant moneymaker in targeting physical infrastructure.

These attacks have the potential to spark mayhem in people's lives, leading to product shortages, higher prices and more. The greater the disruption, the greater the likelihood that companies will pay to alleviate it.

"If you're a ransomware actor, your goal is to inflict as much pain as possible to compel these companies to pay you," said Katell Thielemann, Gartner's vice president analyst for security and risk management. "This is beyond cybersecurity only, this is now a cyber-physical event where actual, physical-world processes get halted. When you can target companies in those environments, clearly that's where the most pain is felt because that's where they make money."

Multiple recent ransomware attacks have originated from Russia, according to US officials. Last Wednesday, the FBI attributed the attack on meat producer JBS to a Russia-based cybercriminal group called REvil, which also tried to extort Apple supplier Quanta Computer earlier this year. REvil is similar to DarkSide, the group US officials said was behind the ransomware attack that shut down the Colonial Pipeline last month.

Experts say both REvil and DarkSide operate what are essentially "ransomware-as-a-service" businesses, often employing large staffs to create tools to help others execute ransomware attacks, and taking a cut of the profits. In some cases, they also carry out their own attacks. Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere because they bring money into the country, cybersecurity experts say.

The list of potential targets is long. The US government's Cybersecurity and Infrastructure Agency (CISA) lists 16 different industries as "critical infrastructure sectors," including energy, healthcare, financial services, water, transportation, food and agriculture, the compromise of which could have a "debilitating effect" on the US economy and security. But experts say much of this infrastructure is aging, and its cyber defenses haven't kept up with the evolution of bad actors.

11:50 a.m. ET, June 7, 2021

What should I do if I'm targeted in a ransomware attack?

From CNN's Samantha Murphy Kelly

While American companies have been targeted in recent high-profile cyberattacks, individual people — anyone who uses the internet — can also be at risk.

Criminal organizations behind ransomware attacks don't care if the victim is an individual or a business; they just want to get paid. Ransomware is often obtained through social engineering — an act of someone stealing personal data by using information gleaned from their social media account — phishing emails or getting someone to click on a link on a website. It's especially prevalent on pornography and pirate websites that promise free viewing. Ransomware kits are also sold on the dark web, a part of the internet not detected by search engines where cybercriminals often sell and buy illicit materials.

So what should you do if you've fallen victim? The FBI's general guidance is that victims should not pay a ransom.

"The FBI does not support paying a ransom in response to a ransomware attack," according to the FBI website. "Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."

If a hacker gets a credit card number and goes on a shopping spree, a bank can often reverse the charges, but the use of cryptocurrency makes funds nearly impossible to get back. Some common malware infections can be reversed with existing cybersecurity tools but many cannot.

"Ransomware groups evolve their tactics generally when they see that cybersecurity tools can counter them," said Michela Menting, research director at ABI Research. Some security researchers have tools to decrypt ransomware, but they're not always reliable because many ransomware versions exist.

People who are hit with ransomware should treat their computer as though it's compromised even after it's been unlocked. "This is because you do not know what changes the ransomware made to the system when it was infected," Randall Magiera, cybersecurity expert and professor of information technology at Tulane University, said.

He suggested erasing the computer's hard drive and reinstalling the entire operating system rather than selecting the option that restores files.

Even though it's hard to track down the criminals and prosecute them, anyone targeted should report the crime to police officials, according to Menting. "The greater the number of incidents reported, the more visibility this provides to law enforcement, which eventually leads to bigger budget allocation for fighting it," she said.

12:18 p.m. ET, June 7, 2021

Why the FBI director compared the challenge posed by ransomware attacks to 9/11

From CNN's Brian Fung, Geneva Sands, Rachel Janfaza and Zachary Cohen

Christopher Wray, director of the Federal Bureau of Investigation, listens during a House Intelligence Committee hearing on April 15 in Washington, D.C. Al Drago/Pool/Getty Images

FBI Director Christopher Wray sounded the alarm on ransomware in stark terms by likening the challenge posed by the recent spate of damaging cyber attacks on the US to the September 11 terrorist attacks, calling for a similar response. His remarks come as officials across government have tried to step up the urgency of the response to the problem after back-to-back ransomware incidents exposed the vulnerability of critical industries in the United States.

"There are a lot of parallels, there's a lot of importance, and a lot of focus by us on disruption and prevention," Mr. Wray said in an interview with the Wall Street Journal on Thursday. "There's a shared responsibility, not just across government agencies but across the private sector and even the average American."

"The scale of this problem is one that I think the country has to come to terms with," he added.

Wray's remarks reflect a developing consensus within the Biden administration that ransomware ranks among the gravest threats to national security the United States has ever faced. And it is part of a broader, all-hands effort by the White House to convince the public it has control of the situation — even as some cybersecurity experts say the executive branch is limited in what it can do unilaterally to stop the attacks.