Security Experts:

Connect with us

Hi, what are you looking for?



White House Urges Private Companies to Help in Fight Against Ransomware

In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.

In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.

The memo, signed by Anne Neuberger, deputy national security advisor for cyber and emerging technology, mentions the recent increase in the number of ransomware incidents, as well as the Biden administration’s response to such attacks targeting government and private sector organizations.

In response to a series of cyberattacks that affected U.S. critical infrastructure both directly and indirectly – including the SolarWinds incident and the Colonial Pipeline attack – President Joe Biden signed an executive order on improving the cyber-defenses of “vital institutions.”

Furthermore, the White House announced sanctions against multiple Russian individuals and companies, and revealed plans to step up its game on fighting ransomware.

“These efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds,” Neuberger notes in this week’s memo.

In the letter, Neuberger also underlines that private businesses too have “a critical responsibility to protect against these threats,” listing a series of steps that all organizations can take to improve their resilience against ransomware and other cyber-threats.

These include implementing multi-factor authentication, detection and response, and encryption, keeping data backed up, keeping systems and applications up to date, employing a skilled security team and auditing their work, and implementing network segmentation.

“Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the U.K. The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” Neuberger continues.

The suggested steps, however, are not new. In fact, they represent common sense when it comes to building an organization’s security and are likely already implemented by most organizations out there. Threat actors, however, relentlessly search for possible weaknesses in defenses and attempt to exploit even the smallest gap they find.

“From what we have observed, ransomware attacks usually start with either tricking an employee into executing a malicious payload, or by exploiting internet-exposed systems. To protect against cyber-attacks it is critical that you train employees against social engineering attacks,” Felipe Duarte, security researcher at Appgate, said in an emailed comment. The adoption of a Zero Trust approach can also help organizations strengthen their security posture, he says.

According to Kunal Anand, chief technology officer at Imperva, in addition to providing guidelines, the federal government should do more to help enterprises and small businesses in the U.S. protect themselves from ransomware and other cyberattacks.

“Instead of focusing on defensive and reactive measures, the Biden administration needs to take a more effective position – aimed at providing tactical support and resources. The U.S. government should be looking at setting up departments that can help the private sector, or an Emergency Cybersecurity Center for broadcasting threats and attacks to everyone,” Anand said.

“At a time when the nation is under siege by ransomware attacks that are disrupting daily life, the U.S. Government needs to ask industry leaders to donate their time – whether it’s helping provide recommendations, setting up resource groups, etc. This should be seen as a patriotic duty,” he added.

Related: Biden Says ‘Looking’ at Russia Retaliation Over Cyberattack

Related: Ransomware Attack Hits Nantucket, Martha’s Vineyard Ferry Service

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack