Connect with us

Hi, what are you looking for?



White House Urges Private Companies to Help in Fight Against Ransomware

In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.

In an open letter, the White House this week urged corporate executives and business leaders to take the appropriate measures to protect their organizations against ransomware attacks, only days after meat-packaging giant JBS fell victim to such an attack.

The memo, signed by Anne Neuberger, deputy national security advisor for cyber and emerging technology, mentions the recent increase in the number of ransomware incidents, as well as the Biden administration’s response to such attacks targeting government and private sector organizations.

In response to a series of cyberattacks that affected U.S. critical infrastructure both directly and indirectly – including the SolarWinds incident and the Colonial Pipeline attack – President Joe Biden signed an executive order on improving the cyber-defenses of “vital institutions.”

Furthermore, the White House announced sanctions against multiple Russian individuals and companies, and revealed plans to step up its game on fighting ransomware.

“These efforts include disrupting ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds,” Neuberger notes in this week’s memo.

In the letter, Neuberger also underlines that private businesses too have “a critical responsibility to protect against these threats,” listing a series of steps that all organizations can take to improve their resilience against ransomware and other cyber-threats.

These include implementing multi-factor authentication, detection and response, and encryption, keeping data backed up, keeping systems and applications up to date, employing a skilled security team and auditing their work, and implementing network segmentation.

Advertisement. Scroll to continue reading.

“Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the U.K. The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” Neuberger continues.

The suggested steps, however, are not new. In fact, they represent common sense when it comes to building an organization’s security and are likely already implemented by most organizations out there. Threat actors, however, relentlessly search for possible weaknesses in defenses and attempt to exploit even the smallest gap they find.

“From what we have observed, ransomware attacks usually start with either tricking an employee into executing a malicious payload, or by exploiting internet-exposed systems. To protect against cyber-attacks it is critical that you train employees against social engineering attacks,” Felipe Duarte, security researcher at Appgate, said in an emailed comment. The adoption of a Zero Trust approach can also help organizations strengthen their security posture, he says.

According to Kunal Anand, chief technology officer at Imperva, in addition to providing guidelines, the federal government should do more to help enterprises and small businesses in the U.S. protect themselves from ransomware and other cyberattacks.

“Instead of focusing on defensive and reactive measures, the Biden administration needs to take a more effective position – aimed at providing tactical support and resources. The U.S. government should be looking at setting up departments that can help the private sector, or an Emergency Cybersecurity Center for broadcasting threats and attacks to everyone,” Anand said.

“At a time when the nation is under siege by ransomware attacks that are disrupting daily life, the U.S. Government needs to ask industry leaders to donate their time – whether it’s helping provide recommendations, setting up resource groups, etc. This should be seen as a patriotic duty,” he added.

Related: Biden Says ‘Looking’ at Russia Retaliation Over Cyberattack

Related: Ransomware Attack Hits Nantucket, Martha’s Vineyard Ferry Service

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...